--- PROCESS FUNCTIONS --- Load supplimental files... - Skip function list, total:795 - Skip var list, total:22 Pre-processing... STOP WATCH[0]: 308.852000 ms Found 972 syscalls Process Gating Functions Gating Function Type: capability Load CAP FUNC list, total:3 Inner checking functions: - avc_denied @ 7 - security_capable @ 2 i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable to i8*) i8* bitcast (i1 (i32)* @capable to i8*) i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_noaudit to i8*) i8* bitcast (i1 (%struct.sock.250976*, %struct.user_namespace*, i32)* @sk_ns_capable to i8*) i8* bitcast (i1 (%struct.sk_buff.245212*, i32)* @netlink_net_capable to i8*) i8* bitcast (i1 (%struct.sock.250976*, i32)* @sk_net_capable to i8*) i8* bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i8*) i8* bitcast (i1 (%struct.task_struct.43108*, i32)* @has_capability to i8*) i8* bitcast (i1 (%struct.sock.250976*, i32)* @sk_capable to i8*) i8* bitcast (i1 (%struct.netlink_skb_parms.676969*, %struct.user_namespace*, i32)* @__netlink_ns_capable to i8*) i8* bitcast (i1 (%struct.file.43183*, %struct.user_namespace*, i32)* @file_ns_capable to i8*) i8* bitcast (i1 (%struct.sk_buff.245212*, i32)* @netlink_capable to i8*) i8* bitcast (i1 (%struct.user_namespace*, i32)* @ns_capable_setid to i8*) i8* bitcast (i1 (%struct.sk_buff.245212*, %struct.user_namespace*, i32)* @netlink_ns_capable to i8*) STOP WATCH[0]: 5.030000 ms =chk functions and wrappers (total:18)= . ns_capable_noaudit @ 1 . sk_ns_capable @ 2 . sk_net_capable @ 1 . netlink_ns_capable @ 2 . netlink_net_capable @ 1 . ns_capable @ 1 . has_ns_capability_noaudit @ 2 . capable @ 0 . netlink_capable @ 1 . ns_capable_setid @ 1 . avc_has_perm_noaudit @ 5 . has_capability @ 1 . has_capability_noaudit @ 1 . capable_wrt_inode_uidgid @ 1 . has_ns_capability @ 2 . sk_capable @ 1 . __netlink_ns_capable @ 2 . file_ns_capable @ 2 =o= Collect Checkpoints STOP WATCH[0]: 291.483000 ms Identify interesting struct Function: compat_do_ip6t_get_ctl used by  new discover:struct.nf_sockopt_ops.791957 Function: do_ip6t_get_ctl used by struct.nf_sockopt_ops.791957 Function: compat_do_ip6t_set_ctl used by struct.nf_sockopt_ops.791957 Function: inet6_create used by struct.net_proto_family.764705 Function: set_permissions used by  new discover:struct.ctl_table_root Function: unix_ioctl used by  new discover:struct.proto_ops.250972 Function: compat_do_ipt_get_ctl used by  new discover:struct.nf_sockopt_ops.748132 Function: do_ipt_get_ctl used by struct.nf_sockopt_ops.748132 Function: compat_do_ipt_set_ctl used by struct.nf_sockopt_ops.748132 Function: ptp_ioctl used by  new discover:struct.posix_clock_operations Function: do_ip6t_set_ctl used by struct.nf_sockopt_ops.791957 Function: netlink_sendmsg used by  new discover:struct.proto_ops.245444 Function: netlink_setsockopt used by struct.proto_ops.245444 Function: netlink_connect used by struct.proto_ops.245444 Function: store_rps_map used by struct.rx_queue_attribute Function: store_rps_dev_flow_table_cnt used by struct.rx_queue_attribute Function: carrier_store used by struct.device_attribute.664459 Function: mtu_store used by struct.device_attribute.664459 Function: flags_store used by struct.device_attribute.664459 Function: tx_queue_len_store used by struct.device_attribute.664459 Function: gro_flush_timeout_store used by struct.device_attribute.664459 Function: net_current_may_mount used by  new discover:struct.kobj_ns_type_operations.664452 Function: proc_bus_pci_read used by struct.file_operations Function: net_ctl_permissions used by struct.ctl_table_root Function: p4_hw_config used by  new discover:struct.x86_pmu.4114 Function: pps_enable_store used by struct.device_attribute.590241 Function: pidns_install used by struct.proc_ns_operations.49830 Function: efivar_attr_store used by struct.sysfs_ops Function: seccomp_actions_logged_handler used by  new discover:struct.ctl_table Function: nfnetlink_rcv used by  new discover:struct.netlink_kernel_cfg.676970 Function: autofs_dev_ioctl used by struct.file_operations.96761 Function: perf_mmap used by struct.file_operations.104930 Function: uart_ioctl used by  new discover:struct.tty_operations.343711 Function: soft_store used by struct.device_attribute.870968 Function: r_show used by  new discover:struct.seq_operations Function: proc_dointvec_minmax_sysadmin used by struct.ctl_table Function: dm_ctl_ioctl used by struct.file_operations.594947 Function: open_port used by struct.file_operations.348139 Function: sdev_store_eh_timeout used by struct.device_attribute.525534 Function: provisioning_mode_store used by struct.device_attribute.528224 Function: subcaches_store used by struct.device_attribute.22835 Function: sock_ioctl used by struct.file_operations.250931 Function: cgroupns_install used by struct.proc_ns_operations.88624 Function: mmap_min_addr_handler used by struct.ctl_table Function: ext4_attr_store used by struct.sysfs_ops.184254 Function: md_attr_store used by struct.sysfs_ops.272815 Function: snapshot_ioctl used by struct.file_operations Function: pci_read_config used by struct.bin_attribute Function: cgroup_release_agent_write used by  new discover:struct.cftype.88851 Function: packet_create used by struct.net_proto_family Function: proc_taint used by struct.ctl_table Function: mntns_install used by struct.proc_ns_operations.138680 Function: proc_cap_handler used by struct.ctl_table Function: i915_gem_context_reset_stats_ioctl used by  new discover:struct.drm_ioctl_desc.379639 Function: netlink_bind used by struct.proto_ops.245444 Function: ifalias_store used by struct.device_attribute.664459 Function: timerslack_ns_write used by struct.file_operations.162623 Function: proc_do_static_key used by struct.ctl_table Function: mtrr_write used by struct.file_operations Function: devkmsg_open used by struct.file_operations.70631 Function: state_store.66799 used by struct.device_attribute.870968 Function: ipcns_install used by struct.proc_ns_operations.246014 Function: packet_sendmsg_spkt used by struct.proto_ops.250972 Function: serport_ldisc_open used by  new discover:struct.tty_ldisc_ops.337070 Function: do_ipt_set_ctl used by struct.nf_sockopt_ops.748132 Function: esre_attr_show used by struct.sysfs_ops Function: ipip6_tunnel_ioctl used by  new discover:struct.net_device_ops.706956 Function: mtrr_ioctl used by struct.file_operations Function: open_kcore used by struct.file_operations Function: proc_bus_pci_mmap used by struct.file_operations Function: msr_open used by struct.file_operations Function: i915_perf_remove_config_ioctl used by struct.drm_ioctl_desc.379639 Function: inet_create used by struct.net_proto_family.730785 Function: cg_skb_is_valid_access used by  new discover:struct.bpf_verifier_ops Function: utsns_install used by struct.proc_ns_operations Function: numa_node_store used by struct.device_attribute.293348 Function: tx_maxrate_store used by struct.netdev_queue_attribute Function: audit_receive used by  new discover:struct.netlink_kernel_cfg Function: audit_bind used by struct.netlink_kernel_cfg Function: i915_perf_open_ioctl used by struct.drm_ioctl_desc.379639 Function: enable_store used by struct.device_attribute.293348 Function: packet_sendmsg used by struct.proto_ops.250972 Function: group_store used by struct.device_attribute.664459 Function: xps_rxqs_store used by struct.netdev_queue_attribute Function: xps_cpus_store used by struct.netdev_queue_attribute Function: rtc_dev_ioctl used by struct.file_operations Function: tty_ioctl used by struct.file_operations.250931 Function: vt_ioctl used by  new discover:struct.tty_operations.43870 Function: vt_compat_ioctl used by struct.tty_operations.43870 Function: uart_set_info_user used by struct.tty_operations.343711 Function: uart_proc_show used by struct.tty_operations.343711 Function: random_ioctl used by struct.file_operations.273188 Function: nvram_misc_ioctl used by struct.file_operations Function: agp_open used by struct.file_operations.42998 Function: pagemap_read used by struct.file_operations.161653 Function: pps_cdev_ioctl used by struct.file_operations Function: efivar_attr_show used by struct.sysfs_ops Function: rtnetlink_bind used by  new discover:struct.netlink_kernel_cfg.657328 Function: intel_pmu_hw_config used by  new discover:struct.x86_pmu.5956 Function: proto_down_store used by struct.device_attribute.664459 Function: __inet6_bind used by  new discover:struct.ipv6_bpf_stub.764713 Function: i915_getparam_ioctl used by struct.drm_ioctl_desc.379639 Function: netns_install used by struct.proc_ns_operations.650972 Function: i915_perf_add_config_ioctl used by struct.drm_ioctl_desc.379639 Function: lo_ioctl used by  new discover:struct.block_device_operations.519936 Function: max_medium_access_timeouts_store used by struct.device_attribute.528224 Function: max_write_same_blocks_store used by struct.device_attribute.528224 Function: zeroing_mode_store used by struct.device_attribute.528224 Function: protection_type_store used by struct.device_attribute.528224 Function: manage_start_stop_store used by struct.device_attribute.528224 Function: allow_restart_store used by struct.device_attribute.528224 Function: sg_proc_write_dressz used by struct.file_operations.529739 Function: sg_proc_write_adio used by struct.file_operations.529739 Function: compat_blkdev_ioctl used by struct.file_operations.112773 Function: msi_bus_store used by struct.device_attribute.293348 Function: md_ioctl used by  new discover:struct.block_device_operations.272905 Function: rdev_attr_store used by struct.sysfs_ops.272815 Function: dm_blk_ioctl used by  new discover:struct.block_device_operations.594684 Function: store_state_disable used by  new discover:struct.cpuidle_state_attr STOP WATCH[0]: 467.453000 ms Collecting Initialization Closure. Finding Kernel Entry Point and all __initcall_ Found x86_64_start_kernel STOP WATCH[1]: 51.375000 ms Initial Kernel Init Function Count:2 Over Approximate Kernel Init Functions STOP WATCH[1]: 26.356000 ms Refine Result refine pass 0 1563 left refine pass 1 820 left refine pass 2 623 left refine pass 3 566 left refine pass 4 557 left Refine result : count=557 STOP WATCH[1]: 16.277000 ms =Kernel Init Functions= acpi_os_map_generic_address acpi_os_initialize acpi_ut_create_caches acpi_os_predefined_override printk_safe_init rcu_scheduler_starting buffer_init efi_map_region_fixed reserve_brk __init_swait_queue_head setup_xstate_comp tpm2_calc_event_log_size efi_tpm_eventlog_init print_xstate_offset_size cpu_set_bug_bits fpu__get_supported_xfeatures_mask __xstate_dump_leaves fpu__init_prepare_fx_sw_frame setup_init_fpu_buf fpu__init_system e820__memory_setup parse_efi_setup parse_setup_data do_add_efi_memmap x86_report_nx memblock_x86_reserve_range_setup_data e820__reserve_setup_data early_memremap_ro efi_reuse_config add_bootloader_randomness efi_memattr_init efi_config_parse_tables efi_runtime_init efi_memmap_entry_valid efi_clean_memmap dmi_smbios3_present print_filtered dmi_format_ids dmi_present dmi_decode_table dmi_walk_early dump_stack_set_arch_desc dmi_setup tsc_early_init prandom_bytes_state e820_add_kernel_range e820__end_of_ram_pfn get_mtrr_var_range amd_special_default_mtrr print_fixed print_fixed_last print_mtrr_state get_mtrr_state mtrr_bp_pat_init mtrr_cleanup init_cache_modes snb_gfx_workaround_needed e820__end_of_low_ram_pfn memblock_set_current_limit memblock_allow_resize memblock_add e820__memblock_setup init_ohci1394_wait_for_busresets reserve_bios_regions fpu__init_parse_early_param init_memory_less_node init_cpu_to_node efi_find_mirror fpu__init_system_generic efi_mem_desc_end memblock_trim_memory efi_esrt_init efi_reserve_boot_services e820_search_gap e820__setup_pci_gap e820__memblock_alloc_reserved e820__memblock_alloc_reserved_mpc_new setup_bios_corruption_check reserve_real_mode trim_snb_memory pti_check_boottime_disable probe_page_size_mask init_trampoline_pud init_trampoline memory_map_bottom_up memory_map_top_down init_mem_mapping get_phy_reg set_phy_reg sysctl_init acpi_reserve_initial_tables acpi_boot_table_init copy_from_early_mem relocate_initrd e820__update_table_print arch_reserve_mem_area acpi_table_upgrade detect_vsmp_box vsmp_cap_cpus set_vsmp_ctl vsmp_init io_delay_init early_platform_quirks early_identify_cpu acpi_table_init_complete acpi_osi_dmi_darwin acpi_osi_dmi_blacklisted early_acpi_osi_init early_acpi_process_madt early_acpi_boot_init parse_crashkernel_high numa_cleanup_meminfo numa_reset_distance absent_pages_in_range init_ohci1394_reset_and_init_dma memblock_phys_alloc_try_nid alloc_node_data __memblock_dump_all numa_register_memblks x86_numa_init initmem_init memblock_mem_size parse_crashkernel_suffix parse_crashkernel_low swiotlb_size_or_default reserve_crashkernel_low reserve_crashkernel set_dma_reserve map_vsyscall check_dev_quirk early_pci_scan_bus early_ioremap_setup acpi_process_madt trim_bios_range acpi_parse_spcr apic_validate_deadline_timer init_apic_mappings prefill_possible_map ioapic_setup_resources io_apic_init_mappings e820_type_to_string firmware_map_add_early e820__reserve_resources efi_apply_memmap_quirks mcheck_intel_therm_init mcheck_vendor_init_severity mcheck_init register_refined_jiffies unwind_init setup_arch init_timers cpu_mitigations_off print_xstate_features e820__memory_setup_extended setup_xstate_features init_ohci1394_dma_on_all_controllers free_saved_cmdlines_buffer memblock_find_dma_reserve setup_nr_cpu_ids rcu_early_boot_tests rcupdate_announce_bootup_oddness rcu_bootup_announce_oddness rcu_dump_rcu_node_tree rcutree_prepare_cpu srcu_init rcu_init vm_area_register_early initialize_lsm arch_get_random_seed_long_early arch_get_random_long_early random_init unregister_event_command acpi_ut_create_rw_lock pti_user_pagetable_walk_pte set_task_stack_end_magic sort_iommu_table cgroup_init_early pti_setup_vsyscall mm_init acpi_ns_root_initialize load_ucode_amd_bsp bdev_cache_init __free_memory_core vm_area_add_early acpi_ut_initialize_interfaces add_range_with_merge hrtimers_prepare_cpu register_trigger_traceon_traceoff_cmds acpi_mps_check load_ucode_bsp x86_get_mtrr_mem_range ioremap_huge_init inode_init_early efi_systab_init zone_pageset_init lsm_set_blob_sizes ordered_lsm_init security_init signals_init arch_ioremap_pud_supported pcpu_build_alloc_info pcpu_dump_alloc_info early_ioremap_init pcpu_chunk_relocate setup_node_to_cpumask_map init_cfs_rq init_cfs_bandwidth parse_crashkernel_mem init_tg_cfs_entry memblock_mark_mirror restart_nmi page_alloc_init setup_cpu_local_masks proc_sys_init acpi_boot_init percpu_setup_exception_stacks arch_ioremap_pmd_supported numa_init efi_free_boot_services init_sched_fair_class efi_init idt_setup_early_handler cgroup1_ssid_disabled pcpu_setup_first_chunk kaslr_get_random_long fork_init cea_map_percpu_pages lsm_allowed efi_unmap_pages nsproxy_cache_init workqueue_init_early efi_memmap_init_early prepare_lsm early_security_init l1tf_select_mitigation efi_call_phys_prolog percpu_setup_debug_store call_function_init idt_setup_traps __load_ucode_amd lcm numa_policy_init reset_all_zones_managed_pages pcpu_alloc_alloc_info x86_amd_ssb_disable efi_ioremap taa_select_mitigation init_xstate_size kmem_cache_init cgroup_init_subsys boot_cpu_init register_event_command register_trigger_cmds set_num_var_ranges trace_init init_range_memory_mapping efi_memattr_apply_permissions pcpu_page_first_chunk arch_probe_nr_irqs copy_init_mm pci_msi_create_irq_domain vfs_caches_init_early arch_early_irq_init early_irq_init register_trigger_enable_disable_cmds event_trace_enable efi_thunk_set_virtual_address_map md_clear_select_mitigation early_code_mapping_set_exec ssb_parse_cmdline mds_select_mitigation efi_memmap_init_late dmi_scan_machine key_init split_mem_range memblock_dump sched_init cgroup_init delayacct_init spectre_v1_select_mitigation init_ohci1394_controller idt_setup_early_traps proc_root_init parse_crashkernel_simple report_meminit uts_ns_init arch_early_ioapic_init setup_zone_pageset arch_post_acpi_subsys_init trap_init cgroup_idr_alloc cgroup_add_cftypes numa_clear_kernel_node_hotplug alternative_instructions bootstrap acpi_subsystem_init efi_map_regions reserve_initrd idt_setup_ist_traps ssb_select_mitigation init_mount_tree softirq_init e820__register_nosave_regions pti_user_pagetable_walk_p4d srbds_select_mitigation pcpu_alloc_first_chunk init_dl_rq rcu_test_sync_prims proc_thread_self_init cgroup_add_legacy_cftypes mnt_init cpumask_weight.12833 init_schedstats cmdline_find_option_bool memblock_phys_mem_size files_init init_rt_rq register_trigger_stacktrace_cmd check_loader_disabled_bsp fpu__init_system_xstate ntp_init page_writeback_init acpi_ut_init_globals housekeeping_init trace_event_init idle_thread_set_boot_cpu arch_ioremap_p4d_supported irq_set_default_host arch_task_cache_init setup_cpu_entry_area identify_boot_cpu spectre_v2_select_mitigation apply_microcode_early_amd __parse_crashkernel x86_64_start_reservations init_ohci1394_initialize efi_native_runtime_setup __trace_early_add_events early_alloc_pgt_buf free_low_memory_core_early pcpu_free_alloc_info efi_runtime_update_mappings memblock_is_region_memory efi_enter_virtual_mode start_kernel cpumask_weight.5809 acpi_blacklisted x86_64_start_kernel cgroup_init_cftypes cmdline_find_option pti_init save_mr load_ucode_intel_bsp check_bugs lookup_address setup_nr_node_ids __ssb_select_mitigation __map_region acpi_ut_mutex_initialize sched_clock_init mtrr_bp_init dcache_init vfs_caches_init init_espfix_random log_buf_add_cpu perf_event_init_all_cpus mtrr_trim_uncached_memory update_spec_ctrl early_reserve_initrd arch_call_rest_init acpi_reallocate_root_table efi_md_typeattr_format thread_stack_cache_init early_trace_init cleanup_highmap proc_self_init cred_init idt_setup_debugidt_traps register_nosave_region spectre_v2_user_select_mitigation sort_main_extable setup_per_cpu_pageset __efi_enter_virtual_mode setup_log_buf init_ohci1394_soft_reset retbleed_select_mitigation acpi_initialize_subsystem setup_per_cpu_areas rcu_sync_enter_start cpuset_init nsfs_init set_proc_pid_nlink proc_tty_init proc_caches_init memblock_overlaps_region pgtable_cache_init update_regset_xstate_info cgroup_add_dfl_cftypes sysfs_init early_acpi_parse_madt_lapic_addr_ovr set_vsyscall_pgtable_user_bits pti_clone_user_shared pagecache_init anon_vma_init crash_reserve_low_1M __free_pages_memory ordered_lsm_parse rcutree_online_cpu lsm_early_task lsm_early_cred n_tty_init efi_config_init efi_map_region pcpu_embed_first_chunk memblock_set_node kernfs_init inode_init md_clear_update_mitigation mmio_select_mitigation efi_dump_pagetable efi_setup_page_tables efi_print_memmap files_maxfiles_init efi_merge_regions get_last_crashkernel perf_event_init_cpu insert_vmap_area kexec_enter_virtual_mode tracer_alloc_buffers perf_event_init efi_delete_dummy_variable seq_file_init efi_thunk_runtime_setup console_init kmem_cache_init_late jump_label_init event_trace_memsetup dcache_init_early mem_encrypt_init tick_broadcast_init e820__print_table __trace_early_add_new_event radix_tree_init print_xstate_feature build_all_zonelists __build_all_zonelists build_zonelists uprobes_init build_all_zonelists_init cpuset_init_current_mems_allowed mminit_verify_zonelist chrdev_init efi_runtime_init32 shmem_init efi_runtime_init64 init_espfix_bsp old_map_region check_iommu_entries mmap_init int3_selftest unregister_die_notifier pid_idr_init poking_init spectre_v2_parse_cmdline smp_setup_processor_id time_init x86_early_init_platform_quirks initcall_debug_enable acpi_pic_sci_set_trigger proc_create_mount_point setup_command_line tsx_init rest_init rcu_init_one rcu_boot_init_percpu_data e820__finish_early_params match_config_table arch_init_msi_domain efi_call_phys_epilog cgroup_rstat_boot phys_efi_set_virtual_address_map efi_set_executable proc_init_kmemcache acpi_early_init vmalloc_init early_cpu_init taskstats_init_early spectre_v2_parse_user_cmdline idt_setup_early_pf init_timer_cpus cpu_mitigations_auto_nosmt set_memory_nonglobal can_free_region init_rootfs kernel_randomize_memory early_panic kclist_add boot_cpu_hotplug_init memblock_free_all acpi_os_create_cache alloc_ioapic_saved_registers copy_bootdata spectre_v2_determine_rsb_fill_type_at_vmexit spec_ctrl_disable_kernel_rrsba runtime_code_page_mkexec stop_nmi memblock_clear_hotplug efi_alloc_page_tables init_hw_breakpoint hrtimers_init kernel_unmap_pages_in_pgd dmi_memdev_walk parse_early_param numa_meminfo_cover_memory create_kmalloc_caches create_kmalloc_cache kmalloc_cache_name new_kmalloc_cache setup_kmalloc_cache_index_table create_boot_cache tick_init acpi_parse_madt_lapic_entries get_cpu_vendor acpi_parse_madt_ioapic_entries init_dl_bandwidth efi_memory_uc init_memory_mapping clean_sort_range kernel_physical_mapping_init adjust_range_page_size_mask early_quirks cpumask_weight.7590 init_rt_bandwidth setup_cpu_entry_areas topology_smt_supported memblock_free_pages timekeeping_init read_persistent_wall_and_boot_offset mp_config_acpi_legacy_irqs irq_alloc_matrix proc_net_init arch_init_ideal_nops add_preferred_console init_defrootdomain numa_init_array append_ordered_lsm wait_bit_init efi_memblock_x86_reserve_range parse_crashkernel init_IRQ trace_printk_start_comm mem_init mem_init_print_info cpu_smt_check_topology register_page_bootmem_info reserve_bootmem_region pci_iommu_alloc =o= STOP WATCH[0]: 94.532000 ms Identify Kernel Modules Interface STOP WATCH[0]: 52.182000 ms dynamic KMI #dyn kmi resolved:2355 STOP WATCH[0]: 219.884000 ms Populate indirect callsite using kernel module interface I am expecting a pointer type! got:%struct.rq_qos.282014 = type { %struct.rq_qos_ops.282013*, %struct.request_queue.282031*, i32, %struct.rq_qos.282014*, %struct.dentry.282055* } I am expecting a pointer type! got:%struct.rq_qos.282014 = type { %struct.rq_qos_ops.282013*, %struct.request_queue.282031*, i32, %struct.rq_qos.282014*, %struct.dentry.282055* } ------ KMI STATISTICS ------ # of indirect call sites: 19723 # resolved by KMI:18016 91% # - KMI:8007 40% # - DKMI:2713 13% # (total target) of callee:47812 # undefined-found-m : 6026 30% # undefined-udf-m : 1270 6% # fpara(KMI can not handle, try SVF?): 547 2% # global fptr(try SVF?): 123 0% # cast fptr(try SVF?): 0 0% # call use container_of(), high level type info stripped: 954 4% # unknown pattern:83 0% STOP WATCH[0]: 7701.406000 ms Collect all permission-checked variables and functions Critical functions skipped because of skip func list: 276 STOP WATCH[0]: 448.379000 ms Collected 744 critical functions Collected 156 critical variables Collected 208 critical type/fields --- Variables Protected By Gating Function--- dcookie_hashtable CAP_SYS_ADMIN @ capable dcookie_users CAP_SYS_ADMIN @ capable mdp_major CAP_SYS_ADMIN @ capable all_detected_devices CAP_SYS_ADMIN @ capable detected_devices_mutex CAP_SYS_ADMIN @ capable sg_big_buff CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check cn_proc_event_id CAP_NET_ADMIN @ __netlink_ns_capable cleanup_list.58463 CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable cb_lock CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check crng_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable redirect CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable create_on_open CAP_SYS_ADMIN @ capable ksys_msgget.msg_ops CAP_IPC_OWNER @ ns_capable ksys_semget.sem_ops CAP_IPC_OWNER @ ns_capable ipc_kht_params CAP_IPC_OWNER @ ns_capable pipe_mnt CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check pipe_max_size CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check uevent_seqnum CAP_NET_BROADCAST @ file_ns_capable CAP_SYS_ADMIN @ netlink_ns_capable inconsistent check uevent_sock_mutex CAP_SYS_ADMIN @ netlink_ns_capable uid CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check key_quota_maxkeys CAP_SYS_ADMIN @ capable event_mutex CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable alarm_bases CAP_WAKE_ALARM @ capable CAP_WAKE_ALARM @ capable uts_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable kexec_load_disabled CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable devmem_inode CAP_SYS_RAWIO @ capable m_hash_mask CAP_SYS_ADMIN @ ns_capable lookup_ioctl._ioctls CAP_SYS_ADMIN @ capable seccomp_actions_logged CAP_SYS_ADMIN @ capable packet_ops_spkt CAP_NET_RAW @ ns_capable check_qop.__print_once CAP_IPC_OWNER @ ns_capable m_hash_shift CAP_SYS_ADMIN @ ns_capable qdisc_base CAP_NET_ADMIN @ capable sysctl_hugetlb_shm_group CAP_IPC_LOCK @ capable table.59761 CAP_NET_ADMIN @ netlink_net_capable mmap_min_addr CAP_SYS_RESOURCE @ capable zero_pfn CAP_SYS_ADMIN @ capable percpu_counter_batch CAP_SYS_RESOURCE @ capable efivar_sysfs_list CAP_SYS_ADMIN @ capable collected CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check debug.47737 CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check body_len CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check key_quota_root_maxbytes CAP_SYS_ADMIN @ capable hash_size CAP_SYS_ADMIN @ capable wfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check init_pid_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable io_uring_fops CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check fscontext_fops CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable gid CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check pipefifo_fops CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check perf_fops CAP_SYS_ADMIN @ capable funcbufleft CAP_SYS_TTY_CONFIG @ capable show_unhandled_signals CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check tcp_ulp_list CAP_NET_ADMIN @ capable pagemap_ops CAP_SYS_ADMIN @ file_ns_capable qdisc_mod_lock CAP_NET_ADMIN @ capable nr_swapfiles CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable next_state CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check xfrm_dispatch CAP_NET_ADMIN @ netlink_net_capable cgroupns_operations CAP_SYS_ADMIN @ ns_capable sg_allow_dio CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check genl_fam_idr CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check key_quota_root_maxkeys CAP_SYS_ADMIN @ capable tty_ldiscs_lock CAP_SYS_MODULE @ capable nr_node_ids CAP_SYS_ADMIN @ capable default_qdisc_ops CAP_NET_ADMIN @ capable nl_table CAP_NET_BROADCAST @ file_ns_capable name_len CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check ipip6_tunnel_del_prl.__warned CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check modules_disabled CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable __supported_pte_mask CAP_SYS_ADMIN @ capable swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable uts_ns_cache CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable switch.table.do_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check event CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check store_rps_map.rps_map_mutex CAP_NET_ADMIN @ capable shift_down CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check proc_poll_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable major CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check vt_kmsg_redirect.kmsg_con CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable kexec_mutex CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable total_swap_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sysctl_protected_hardlinks CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check qdisc_root_sleeping_running.__warned CAP_NET_ADMIN @ netlink_ns_capable swap_avail_heads CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable funcbufsize CAP_SYS_TTY_CONFIG @ capable rdev CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check mnt_group_ida CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check trace_buffered_event CAP_SYSLOG @ has_capability_noaudit tcp_cong_list CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable stop_sched_class CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable trace_buffered_event_cnt CAP_SYSLOG @ has_capability_noaudit trace_taskinfo_save CAP_SYSLOG @ has_capability_noaudit vm_committed_as_batch CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check pm_power_off CAP_SYS_BOOT @ ns_capable system_transition_mutex CAP_SYS_ADMIN @ capable CAP_SYS_BOOT @ ns_capable inconsistent check acct_on_mutex CAP_SYS_PACCT @ capable mntns_operations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check C_A_D CAP_SYS_BOOT @ ns_capable switch.table.sg_io CAP_SYS_RAWIO @ capable sysctl_protected_regular CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mode CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check all_mddevs_lock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable alloc_empty_file.old_max CAP_SYS_ADMIN @ capable netns_wq CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable i915_oa_max_sample_rate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable trace_percpu_buffer CAP_SYSLOG @ has_capability_noaudit md_misc_wq CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable namespace_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check kbd_table CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check phys_base CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check funcbufptr CAP_SYS_TTY_CONFIG @ capable mount_hashtable CAP_SYS_ADMIN @ ns_capable max_vals CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check __init_completion.__key.4818 CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check in_suspend CAP_SYS_ADMIN @ capable swap_active_head CAP_SYS_ADMIN @ capable mtime CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check this_cpu_off CAP_SYSLOG @ has_capability_noaudit freezer_test_done CAP_SYS_ADMIN @ capable image_size CAP_SYS_ADMIN @ capable module_mutex CAP_SYS_MODULE @ capable module_notify_list CAP_SYS_MODULE @ capable module_wq CAP_SYS_MODULE @ capable xfrm_msg_min CAP_NET_ADMIN @ netlink_net_capable packet_proto CAP_NET_RAW @ ns_capable pending_raid_disks CAP_SYS_ADMIN @ capable vt_dont_switch CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check names_cachep CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sysctl_protected_fifos CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vm_committed_as CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check fl_ht CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check key_quota_maxbytes CAP_SYS_ADMIN @ capable __do_sys_bdflush.msg_count CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable tty_ldiscs CAP_SYS_MODULE @ capable vmalloc_base CAP_NET_ADMIN @ netlink_net_capable keymap_count CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check may_mandlock.__print_once CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check hugetlb_file_setup.__print_once CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable tty_ldisc_autoload CAP_SYS_MODULE @ capable audit_enabled CAP_SYS_ADMIN @ capable sit_net_id CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check proc_event_counts CAP_NET_ADMIN @ __netlink_ns_capable selinux_state CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit %96 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* nonnull @selinux_state, i32 %51, i32 %91, i16 zeroext %93, i32 %43, i32 %95, %struct.gnet_stats_queue* nonnull %3) #69 Dynamic Load CAP sit_link_ops CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check uart_set_info._rs CAP_SYS_ADMIN @ capable cgroup_mutex CAP_SYS_ADMIN @ ns_capable ipip6_tunnel_add_prl.__warned CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check __default_kernel_pte_mask CAP_SYS_MODULE @ capable kcore_need_update CAP_SYS_RAWIO @ capable proc_root_kcore CAP_SYS_RAWIO @ capable sysctl_perf_event_paranoid CAP_SYS_ADMIN @ capable sysctl_perf_event_sample_rate CAP_SYS_ADMIN @ capable nr_files CAP_SYS_ADMIN @ capable least_priority CAP_SYS_ADMIN @ capable --- Function Protected By Gating Function--- efivar_entry_iter_end CAP_SYS_ADMIN @ capable efivar_entry_find CAP_SYS_ADMIN @ capable efivar_entry_iter_begin CAP_SYS_ADMIN @ capable nd_jump_link CAP_SYS_ADMIN @ capable do_md_stop CAP_SYS_ADMIN @ capable do_md_run CAP_SYS_ADMIN @ capable md_rdev_clear CAP_SYS_ADMIN @ capable bind_rdev_to_array CAP_SYS_ADMIN @ capable mddev_unlock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bdevname CAP_SYS_ADMIN @ capable super_90_load CAP_SYS_ADMIN @ capable scsi_autopm_put_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_run_host_queues CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check scsi_try_bus_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check device_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check blk_rq_init CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ldsem_up_write CAP_SYS_MODULE @ capable ldsem_down_write CAP_SYS_MODULE @ capable tty_ldisc_get CAP_SYS_MODULE @ capable panic CAP_SYS_MODULE @ capable n_null_open CAP_SYS_MODULE @ capable serport_ldisc_open CAP_SYS_MODULE @ capable n_null_close CAP_SYS_MODULE @ capable tty_buffer_restart_work CAP_SYS_MODULE @ capable ip6_route_del CAP_NET_ADMIN @ ns_capable loop_info64_to_compat CAP_SYS_ADMIN @ capable cn_netlink_send CAP_NET_ADMIN @ __netlink_ns_capable llist_add_batch CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable pci_write_config_dword CAP_SYS_ADMIN @ capable pci_read_config_dword CAP_SYS_ADMIN @ capable i915_gem_context_release CAP_SYS_NICE @ capable CAP_SYS_ADMIN @ capable inconsistent check xprt_wake_pending_tasks CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check kernel_getsockname CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check tcp_release_cb CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check ip6_datagram_release_cb CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check udp_v4_rehash CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check dev_change_proto_down CAP_NET_ADMIN @ ns_capable _dev_err CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable walk_page_range CAP_SYS_ADMIN @ file_ns_capable rtc_cmos_write CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rtc_cmos_read CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable md_import_device CAP_SYS_ADMIN @ capable pc_nvram_initialize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable extract_entropy CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable write_pool_user CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable _credit_init_bits CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable serial8250_get_mctrl CAP_SYS_ADMIN @ capable serial8250_pm CAP_SYS_ADMIN @ capable tty_name CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check kernel_setsockopt CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check serial8250_request_port CAP_SYS_ADMIN @ capable serial8250_verify_port CAP_SYS_ADMIN @ capable vt_do_kbkeycode_ioctl CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check __tty_hangup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable rtc_set_time CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_TIME @ capable inconsistent check cpus_read_unlock CAP_NET_ADMIN @ ns_capable cpus_read_lock CAP_NET_ADMIN @ ns_capable security_msg_queue_associate CAP_IPC_OWNER @ ns_capable security_msg_queue_msgsnd CAP_IPC_OWNER @ ns_capable tcp_send_window_probe CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable scsi_init_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check ipc_rcu_putref CAP_IPC_OWNER @ ns_capable sk_stream_write_space CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check to_compat_ipc_perm CAP_IPC_OWNER @ ns_capable to_compat_ipc64_perm CAP_IPC_OWNER @ ns_capable do_smart_update CAP_IPC_OWNER @ ns_capable perform_atomic_semop CAP_IPC_OWNER @ ns_capable sem_lock CAP_IPC_OWNER @ ns_capable security_sem_semop CAP_IPC_OWNER @ ns_capable send_signal CAP_KILL @ ns_capable ip6_route_add CAP_NET_ADMIN @ ns_capable efivar_create_sysfs_entry CAP_SYS_ADMIN @ capable efivar_entry_set CAP_SYS_ADMIN @ capable efivar_validate CAP_SYS_ADMIN @ capable move_vma CAP_IPC_LOCK @ capable rtnl_fdb_notify CAP_NET_ADMIN @ netlink_capable dev_uc_del CAP_NET_ADMIN @ netlink_capable kernel_wait4 CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check pci_enable_device CAP_SYS_ADMIN @ capable reenable_swap_slots_cache_unlock CAP_SYS_ADMIN @ capable disable_swap_slots_cache_lock CAP_SYS_ADMIN @ capable _dev_alert CAP_SYS_ADMIN @ capable tcp_abort CAP_NET_ADMIN @ ns_capable tcp_set_congestion_control CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable raw_abort CAP_NET_ADMIN @ ns_capable drm_dbg CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable pci_mmap_page_range CAP_SYS_RAWIO @ capable down_read_interruptible CAP_SYS_ADMIN @ capable netif_set_xps_queue CAP_NET_ADMIN @ capable find_get_context CAP_SYS_ADMIN @ capable modify_user_hw_breakpoint_check CAP_SYS_ADMIN @ capable mtrr_file_add CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ipip6_tunnel_update CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check alloc_netdev_mqs CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check dm_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bitmap_free CAP_NET_ADMIN @ ns_capable dm_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable delete_partition CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable add_partition CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable disk_part_iter_exit CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable disk_part_iter_next CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable disk_part_iter_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable fsync_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sd_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable lo_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable sr_block_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable exportfs_decode_fh CAP_DAC_READ_SEARCH @ capable security_task_getscheduler CAP_SYS_NICE @ ns_capable ext4_double_up_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable truncate_inode_pages CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_mark_iloc_dirty CAP_SYS_RESOURCE @ capable __dquot_transfer CAP_SYS_RESOURCE @ capable ext4_reserve_inode_write CAP_SYS_RESOURCE @ capable ext4_get_inode_loc CAP_SYS_RESOURCE @ capable security_sid_to_context_force CAP_CHOWN @ avc_has_perm_noaudit file_update_time CAP_FSETID @ capable exit_sem CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable qdisc_put_unlocked CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable serport_ldisc_close CAP_SYS_MODULE @ capable __tcf_block_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __tcf_chain_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable __get_locked_pte CAP_SYS_ADMIN @ capable ext4_ext_tree_init CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable bad_inode_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid kernfs_iop_rename CAP_FOWNER @ capable_wrt_inode_uidgid dev_ifsioc CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_NET_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable inconsistent check vfat_rename CAP_FOWNER @ capable_wrt_inode_uidgid mtrr_del CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __is_local_mountpoint CAP_FOWNER @ capable_wrt_inode_uidgid rt6_lookup CAP_NET_ADMIN @ ns_capable tty_vhangup_self CAP_SYS_TTY_CONFIG @ capable udp_abort CAP_NET_ADMIN @ ns_capable path_mountpoint CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alloc_file_clone CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check __tcf_chain_get CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable freeque CAP_SYS_ADMIN @ ns_capable xt_find_table_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_msg_queue_msgctl CAP_SYS_ADMIN @ ns_capable simple_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid security_sem_semctl CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check stack_trace_save_tsk CAP_SYS_ADMIN @ file_ns_capable drm_syncobj_open CAP_SYS_ADMIN @ capable lock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid mmc_ioctl_cdrom_play_msf CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable do_symlinkat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check io_cqring_add_event CAP_SYS_ADMIN @ capable free_msg CAP_IPC_OWNER @ ns_capable may_delete CAP_FOWNER @ capable_wrt_inode_uidgid import_single_range CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_trim_fs CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable set_fs_pwd CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check nfs_swap_activate CAP_SYS_ADMIN @ capable lock_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check inet_addr_type_table CAP_NET_ADMIN @ ns_capable __ftrace_trace_stack CAP_SYSLOG @ has_capability_noaudit mq_leaf CAP_NET_ADMIN @ netlink_ns_capable proc_net_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __efivar_entry_delete CAP_SYS_ADMIN @ capable free_compound_page CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check uart_shutdown CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable fs_context_for_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check pin_insert CAP_SYS_PACCT @ capable track_pfn_insert CAP_SYS_ADMIN @ capable wbinvd_on_cpu CAP_SYS_ADMIN @ capable nfs_weak_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sockfs_xattr_get CAP_SYS_ADMIN @ capable proc_ptrace_connector CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check signal_wake_up_state CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check swsusp_free CAP_SYS_ADMIN @ capable task_set_jobctl_pending CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check ext4_mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_get_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check jbd2_journal_abort CAP_SYS_ADMIN @ capable tid_fd_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_compat_match_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable path_init CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __mnt_want_write CAP_SYS_PACCT @ capable do_sys_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check __ext4_msg CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable inconsistent check do_fchmodat CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check freeary CAP_SYS_ADMIN @ ns_capable do_mknodat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check compat_table_info CAP_NET_ADMIN @ ns_capable ip_options_rcv_srr CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable qdisc_notify CAP_NET_ADMIN @ netlink_ns_capable __starget_for_each_device CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check netlink_ack CAP_NET_ADMIN @ netlink_net_capable nfs_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check fib_table_delete CAP_NET_ADMIN @ ns_capable nfs4_xattr_get_nfs4_acl CAP_SYS_ADMIN @ capable swap_type_of CAP_SYS_ADMIN @ capable unlock_two_nondirectories CAP_FOWNER @ capable_wrt_inode_uidgid qdisc_create CAP_NET_ADMIN @ netlink_ns_capable cgroup_kn_unlock CAP_SYS_ADMIN @ capable scsi_try_host_reset CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check fifo_init CAP_NET_ADMIN @ netlink_ns_capable xprt_unlock_connect CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check exit_swap_address_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable simple_unlink CAP_FOWNER @ capable_wrt_inode_uidgid swap_inode_data CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_force_commit CAP_SYS_ADMIN @ capable mount_too_revealing CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check __icmp_send CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable kthread_create_on_cpu CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check audit_seccomp_actions_logged CAP_SYS_ADMIN @ capable qdisc_get_stab CAP_NET_ADMIN @ netlink_ns_capable blkdev_read_iter CAP_SYS_ADMIN @ capable security_kernel_load_data CAP_SYS_BOOT @ capable CAP_SYS_MODULE @ capable CAP_SYS_BOOT @ capable inconsistent check walk_component CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check wake_up_q CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check netdev_state_change CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check dm_issue_global_event CAP_SYS_ADMIN @ capable strndup_user CAP_SYS_ADMIN @ ns_capable tcf_chain_tp_delete_empty CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable blk_queue_flag_set CAP_SYS_ADMIN @ capable mmc_ioctl_dvd_auth CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable bpf_get_trace_printk_proto CAP_SYS_ADMIN @ capable crypto_shash_update CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_read_audio CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable free_netdev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check mmc_ioctl_cdrom_play_blk CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable invalidate_bdev CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check nfs_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid dst_release CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check xt_compat_check_entry_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable __netlink_dump_start CAP_NET_ADMIN @ netlink_net_capable rescan_partitions CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable compat_import_iovec CAP_SYS_ADMIN @ capable svc_add_new_perm_xprt CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check do_kexec_load CAP_SYS_BOOT @ capable CAP_SYS_BOOT @ capable proc_tid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check out_of_line_wait_on_bit CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check vfat_revalidate_ci CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check freeze_bdev CAP_SYS_ADMIN @ capable n_tty_close CAP_SYS_MODULE @ capable sr_get_mcn CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable uart_startup CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable n_tty_open CAP_SYS_MODULE @ capable sr_get_last_session CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable ipv6_chk_addr_and_flags CAP_NET_ADMIN @ ns_capable xt_compat_target_from_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable take_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid qdisc_graft CAP_NET_ADMIN @ netlink_ns_capable __nla_parse CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check disk_get_part CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_sb_umount CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check is_subdir CAP_SYS_ADMIN @ ns_capable sr_reset CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check dev_valid_name CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check max_swapfile_size CAP_SYS_ADMIN @ capable __printk_ratelimit CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check alarmtimer_do_nsleep CAP_WAKE_ALARM @ capable security_task_setscheduler CAP_SYS_NICE @ capable CAP_SYS_NICE @ ns_capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable inconsistent check inet6_addr_add CAP_NET_ADMIN @ ns_capable vfat_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid mmc_ioctl_cdrom_read_data CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable ip4_datagram_release_cb CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check mmc_ioctl_dvd_read_struct CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable security_sem_associate CAP_IPC_OWNER @ ns_capable drm_prime_init_file_private CAP_SYS_ADMIN @ capable __fsnotify_parent CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable inconsistent check vfs_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check jbd2_complete_transaction CAP_SYS_RESOURCE @ capable dev_change_tx_queue_len CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check get_net_ns_by_id CAP_NET_ADMIN @ netlink_ns_capable do_fchownat CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check kbd_rate CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check ext4_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __ext4_journal_stop CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check sr_packet CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable security_move_mount CAP_SYS_ADMIN @ ns_capable xt_alloc_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable proc_ns_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_mmap_fits CAP_SYS_RAWIO @ capable shmem_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid _fat_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check ktime_add_safe CAP_WAKE_ALARM @ capable do_ip6t_get_ctl CAP_NET_ADMIN @ ns_capable blk_rq_map_kern CAP_SYS_RAWIO @ capable nfs_umount_begin CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_request_find_match CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_context_to_sid_force CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit shmem_unlink CAP_FOWNER @ capable_wrt_inode_uidgid locks_mandatory_locked CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_compat_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable sr_lock_door CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable xt_compat_flush_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable destroy_local_trace_kprobe CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_discard_preallocations CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __ip_tunnel_create CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_sid_to_context CAP_DAC_OVERRIDE @ avc_has_perm_noaudit mq_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable xt_find_revision CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ipv6_chk_prefix CAP_NET_ADMIN @ ns_capable audit_inode_permission %96 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* nonnull @selinux_state, i32 %51, i32 %91, i16 zeroext %93, i32 %43, i32 %95, %struct.gnet_stats_queue* nonnull %3) #69 Dynamic Load CAP msdos_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check netlink_broadcast CAP_SYS_ADMIN @ netlink_ns_capable proc_lookupfd CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sr_select_speed CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable xt_compat_add_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable xt_table_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable mmc_ioctl_cdrom_subchannel CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable kernel_power_off CAP_SYS_BOOT @ ns_capable xt_compat_match_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable netlink_rcv_skb CAP_NET_ADMIN @ netlink_net_capable xs_tcp_set_socket_timeouts CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check path_lookupat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check posix_acl_xattr_get CAP_SYS_ADMIN @ capable sr_drive_status CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable autofs_dir_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid ipc_update_perm CAP_SYS_ADMIN @ ns_capable send_sig_info CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable inconsistent check xt_compat_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable perf_uprobe_init CAP_SYS_ADMIN @ capable filename_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check xt_compat_unlock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable dm_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable pin_kill CAP_SYS_PACCT @ capable wake_q_add CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fc_drop_locked CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check xfrm_user_policy CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check serial8250_release_port CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable blk_rq_map_user CAP_SYS_RAWIO @ capable xt_compat_target_offset CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable generic_file_read_iter CAP_SYS_ADMIN @ capable blk_queue_max_discard_sectors CAP_SYS_ADMIN @ capable dec_usb_memory_use_count CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_next_writable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable dev_change_net_namespace CAP_NET_ADMIN @ netlink_ns_capable xt_compat_lock CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ipip6_newlink CAP_NET_ADMIN @ netlink_ns_capable __mark_inode_dirty CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __mnt_drop_write CAP_SYS_PACCT @ capable msdos_unlink CAP_FOWNER @ capable_wrt_inode_uidgid hibernation_restore CAP_SYS_ADMIN @ capable security_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid kernfs_iop_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_user_read_config_word CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check do_truncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check map_files_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check populate_vma_page_range CAP_IPC_LOCK @ capable __netif_set_xps_queue CAP_NET_ADMIN @ ns_capable qdisc_put CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ring_buffer_write CAP_SYSLOG @ has_capability_noaudit sg_new_read CAP_SYS_RAWIO @ capable xt_target_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable scsi_autopm_get_host CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check nfs_rename CAP_FOWNER @ capable_wrt_inode_uidgid drm_syncobj_free CAP_SYS_ADMIN @ capable perf_install_in_context CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable d_invalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check i915_driver_open CAP_SYS_ADMIN @ capable dev_ingress_queue_create CAP_NET_ADMIN @ netlink_ns_capable perf_event_set_output CAP_SYS_ADMIN @ capable compat_table_info.62900 CAP_NET_ADMIN @ ns_capable kernel_kexec CAP_SYS_BOOT @ ns_capable do_sys_ftruncate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check ext4_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_cdrom_last_written CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable vfs_parse_fs_string CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_expand_extra_isize CAP_SYS_RESOURCE @ capable xt_request_find_target CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ptep_set_access_flags CAP_SYS_ADMIN @ capable translate_table.62904 CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable tcf_proto_signal_destroying CAP_NET_ADMIN @ netlink_ns_capable local_bh_enable.62629 CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check get_mm_exe_file CAP_SYS_RESOURCE @ capable do_utimes CAP_MKNOD @ capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check dev_set_group CAP_NET_ADMIN @ ns_capable blk_execute_rq CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable d_exchange CAP_FOWNER @ capable_wrt_inode_uidgid xt_match_to_user CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable reconfigure_super CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check check_for_audio_disc CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable security_inode_setxattr CAP_SYS_ADMIN @ capable compat_nf_setsockopt CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check fl_release CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check tcf_chain_flush CAP_NET_ADMIN @ netlink_ns_capable md_alloc CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_pause_resume CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable lookup_user_key CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable do_ipt_get_ctl CAP_NET_ADMIN @ ns_capable put_css_set_locked CAP_SYS_ADMIN @ ns_capable commit_creds CAP_SETPCAP @ ns_capable CAP_SETGID @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid CAP_SETGID @ ns_capable CAP_SETGID @ ns_capable CAP_SETGID @ ns_capable CAP_SETGID @ ns_capable inconsistent check inode_owner_or_capable CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check perf_event_enable CAP_SYS_ADMIN @ capable snapshot_write_finalize CAP_SYS_ADMIN @ capable tg3_ptp_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable ext4_file_write_iter CAP_SYS_ADMIN @ capable compat_alloc_user_space CAP_SYS_BOOT @ capable static_key_slow_dec CAP_NET_ADMIN @ capable snapshot_image_loaded CAP_SYS_ADMIN @ capable generic_swapfile_activate CAP_SYS_ADMIN @ capable __ext4_journal_start_sb CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check security_sb_pivotroot CAP_SYS_ADMIN @ ns_capable sr_check_events CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable perf_event_alloc CAP_SYS_ADMIN @ capable proc_attr_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_file_free CAP_SYS_ADMIN @ capable fsnotify CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check release_dentry_name_snapshot CAP_FOWNER @ capable_wrt_inode_uidgid xt_compat_init_offsets CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable security_vm_enough_memory_mm CAP_SYS_ADMIN @ capable proc_dostring CAP_SYS_ADMIN @ capable blk_rq_unmap_user CAP_SYS_RAWIO @ capable proc_lookupfdinfo CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_change_carrier CAP_NET_ADMIN @ ns_capable set_device_ro CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable isofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pci_disable_device CAP_SYS_ADMIN @ capable dev_set_mtu CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable e1000e_phc_enable CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable msdos_rename CAP_FOWNER @ capable_wrt_inode_uidgid sd_pr_register CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_mknod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_mountpoint CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check mount_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check fs_context_for_reconfigure CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check __tcf_qdisc_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable dev_change_flags CAP_NET_ADMIN @ ns_capable sd_pr_preempt CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __put_net CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ksys_sync_helper CAP_SYS_ADMIN @ capable d_move CAP_FOWNER @ capable_wrt_inode_uidgid ihold CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check fsnotify_get_cookie CAP_FOWNER @ capable_wrt_inode_uidgid static_key_slow_inc CAP_NET_ADMIN @ capable cgroup_free_root CAP_SYS_ADMIN @ ns_capable ring_buffer_unlock_commit CAP_SYSLOG @ has_capability_noaudit __do_loopback CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check uts_proc_notify CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable fib_new_table CAP_NET_ADMIN @ ns_capable security_task_fix_setuid CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid netdev_master_upper_dev_get CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check ksys_fchown CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check ext4_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mq_select_queue CAP_NET_ADMIN @ netlink_ns_capable unregister_netdevice_many CAP_NET_ADMIN @ netlink_ns_capable pci_config_pm_runtime_put CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check kthread_create_on_node CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check tracefs_syscall_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid blk_queue_flag_clear CAP_SYS_ADMIN @ capable ipip6_dellink CAP_NET_ADMIN @ netlink_ns_capable do_add_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check serial8250_config_port CAP_SYS_ADMIN @ capable dm_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable amd_set_subcaches CAP_SYS_ADMIN @ capable mnt_clone_internal CAP_SYS_PACCT @ capable alloc_workqueue CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check set_blocksize CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dev_mc_del CAP_NET_ADMIN @ netlink_capable kernel_read_file_from_fd CAP_SYS_MODULE @ capable CAP_SYS_MODULE @ capable ida_alloc_range CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check shmem_file_read_iter CAP_SYS_ADMIN @ capable mtrr_add CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable dm_blk_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_rename2 CAP_FOWNER @ capable_wrt_inode_uidgid lookup_mnt CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cgroup_enter_frozen CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check rfkill_set_block CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable vfs_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check add_to_avail_list CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable blkdev_issue_discard CAP_SYS_ADMIN @ capable rtnl_configure_link CAP_NET_ADMIN @ netlink_ns_capable vfat_unlink CAP_FOWNER @ capable_wrt_inode_uidgid nf_setsockopt CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check init_cgroup_root CAP_SYS_ADMIN @ ns_capable sock_create_kern CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check attach_recursive_mnt CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check xt_free_table_info CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable fd_install CAP_DAC_READ_SEARCH @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_NET_ADMIN @ ns_capable inconsistent check nfs_unlink CAP_FOWNER @ capable_wrt_inode_uidgid bcmp CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check free_cgroup_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable __lookup_slow CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check strim CAP_SYS_ADMIN @ capable chroot_fs_refs CAP_SYS_ADMIN @ ns_capable nfs_swap_deactivate CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable proc_tgid_base_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __ipv6_dev_ac_inc CAP_NET_ADMIN @ ns_capable pci_user_read_config_dword CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check _isofs_bmap CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check fib_table_insert CAP_NET_ADMIN @ ns_capable parse_monolithic_mount_data CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check setup_swap_info CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable netdev_update_lockdep_key CAP_NET_ADMIN @ netlink_ns_capable lock_device_hotplug CAP_SYS_ADMIN @ capable put_fs_context CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check umount_tree CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check propagate_mount_busy CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check bad_inode_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid nfs4_lookup_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_ipc_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_RESOURCE @ capable inconsistent check rtnl_register CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ sk_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_capable inconsistent check nfs_file_write CAP_SYS_ADMIN @ capable kernfs_vfs_xattr_get CAP_SYS_ADMIN @ capable cdrom_count_tracks CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable ksys_fchmod CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable inconsistent check dir_add CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check mntput_no_expire CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check uart_change_speed CAP_SYS_ADMIN @ capable __audit_inode CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check set_fs_root CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable inconsistent check __audit_inode_child CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check ip_tunnel_bind_dev CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable drm_gem_open CAP_SYS_ADMIN @ capable random_read_iter CAP_SYS_ADMIN @ capable translate_table CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable ip_tunnel_update CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable create_new_namespaces CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable step_into CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __break_lease CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_SYS_ADMIN @ capable CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check user_shm_lock CAP_IPC_LOCK @ capable pci_config_pm_runtime_get CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check kthread_park CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check ext4_xattr_security_get CAP_SYS_ADMIN @ capable dm_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __detach_mounts CAP_FOWNER @ capable_wrt_inode_uidgid ipcperms CAP_IPC_OWNER @ ns_capable x86_pmu_aux_output_match CAP_SYS_ADMIN @ capable vfs_clean_context CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check anon_inode_getfd CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable pci_user_read_config_byte CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ capable inconsistent check shmem_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid fat_trim_fs CAP_LINUX_IMMUTABLE @ capable CAP_SYS_ADMIN @ capable inconsistent check kernfs_iop_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid d_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check msdos_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid autofs_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sock_read_iter CAP_SYS_ADMIN @ capable mtrr_add_page CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable ext4_rmdir CAP_FOWNER @ capable_wrt_inode_uidgid do_linkat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check maybe_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check md_ioctl CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable do_mkdirat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check shmem_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sock_write_iter CAP_SYS_ADMIN @ capable autofs_dir_unlink CAP_FOWNER @ capable_wrt_inode_uidgid bad_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid change_mnt_propagation CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check ext4_unlink CAP_FOWNER @ capable_wrt_inode_uidgid mqueue_unlink CAP_FOWNER @ capable_wrt_inode_uidgid filp_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check user_disable_single_step CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check ext4_double_down_write_data_sem CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable unregister_netdevice_queue CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check __rseq_handle_notify_resume CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check do_group_exit CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check tty_kref_put CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable suspend_devices_and_enter CAP_SYS_ADMIN @ capable __tcf_block_find CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable ring_buffer_lock_reserve CAP_SYSLOG @ has_capability_noaudit ring_buffer_event_data CAP_SYSLOG @ has_capability_noaudit follow_managed CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filter_match_preds CAP_SYSLOG @ has_capability_noaudit ring_buffer_discard_commit CAP_SYSLOG @ has_capability_noaudit _atomic_dec_and_lock CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable thaw_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check drm_syncobj_release CAP_SYS_ADMIN @ capable reboot_pid_ns CAP_SYS_BOOT @ ns_capable kernel_restart CAP_SYS_BOOT @ ns_capable ipc_rcu_getref CAP_IPC_OWNER @ ns_capable kernel_halt CAP_SYS_BOOT @ ns_capable hibernate CAP_SYS_BOOT @ ns_capable security_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfat_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check simple_rename CAP_FOWNER @ capable_wrt_inode_uidgid ata_cmd_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check bad_inode_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ata_task_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable inconsistent check blk_rq_map_user_iov CAP_SYS_RAWIO @ capable slow_avc_audit CAP_CHOWN @ avc_has_perm_noaudit %12 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 %11, %struct.gnet_stats_queue* nonnull %8) #69 Dynamic Load CAP CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit CAP_CHOWN @ avc_has_perm_noaudit shmem_lock CAP_IPC_LOCK @ ns_capable cgroup_setup_root CAP_SYS_ADMIN @ ns_capable skb_copy_expand CAP_SYS_ADMIN @ netlink_ns_capable rw_verify_area CAP_SYS_ADMIN @ capable read_iter_null CAP_SYS_ADMIN @ capable proc_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernel_sigaction CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check __vfs_setxattr_noperm CAP_SYS_ADMIN @ capable hugetlbfs_read_iter CAP_SYS_ADMIN @ capable ext4_file_read_iter CAP_SYS_ADMIN @ capable read_iter_zero CAP_SYS_ADMIN @ capable snapshot_get_image_size CAP_SYS_ADMIN @ capable io_ring_ctx_wait_and_kill CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check pipe_read CAP_SYS_ADMIN @ capable uart_set_ldisc CAP_SYS_MODULE @ capable nfs_file_read CAP_SYS_ADMIN @ capable urandom_read_iter CAP_SYS_ADMIN @ capable down_read_killable CAP_SYS_ADMIN @ file_ns_capable CAP_SYS_ADMIN @ file_ns_capable sg_scsi_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check aio_complete_rw CAP_SYS_ADMIN @ capable __sb_start_write CAP_SYS_ADMIN @ capable write_iter_null CAP_SYS_ADMIN @ capable io_free_req CAP_SYS_ADMIN @ capable gen_replace_estimator CAP_NET_ADMIN @ netlink_ns_capable generic_file_write_iter CAP_SYS_ADMIN @ capable pipe_write CAP_SYS_ADMIN @ capable devkmsg_write CAP_SYS_ADMIN @ capable drm_prime_destroy_file_private CAP_SYS_ADMIN @ capable __d_lookup_done CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_gem_release CAP_SYS_ADMIN @ capable random_write_iter CAP_SYS_ADMIN @ capable io_import_iovec CAP_SYS_ADMIN @ capable nla_strcmp CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable loop_rw_iter CAP_SYS_ADMIN @ capable qdisc_lookup CAP_NET_ADMIN @ netlink_ns_capable io_complete_rw_iopoll CAP_SYS_ADMIN @ capable io_complete_rw CAP_SYS_ADMIN @ capable __io_submit_sqe CAP_SYS_ADMIN @ capable proc_misc_d_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check free_all_swap_pages CAP_SYS_ADMIN @ capable hibernation_platform_enter CAP_SYS_ADMIN @ capable unlock_device_hotplug CAP_SYS_ADMIN @ capable mmc_ioctl_cdrom_start_stop CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable cgroup_lock_and_drain_offline CAP_SYS_ADMIN @ ns_capable perf_kprobe_init CAP_SYS_ADMIN @ capable find_task_by_vpid CAP_SYS_ADMIN @ capable vfs_path_lookup CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check check_cgroupfs_options CAP_SYS_ADMIN @ ns_capable logfc CAP_SYS_ADMIN @ ns_capable ida_free CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check destroy_workqueue CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check swsusp_swap_in_use CAP_SYS_ADMIN @ capable cgroup_do_get_tree CAP_SYS_ADMIN @ ns_capable do_move_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check may_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check mmc_ioctl_cdrom_volume CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable cgroup_kn_lock_live CAP_SYS_ADMIN @ capable rtnetlink_send CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable msdos_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check dev_add_pack CAP_NET_RAW @ ns_capable security_inode_unlink CAP_FOWNER @ capable_wrt_inode_uidgid drm_gem_handle_create CAP_SYS_ADMIN @ capable sd_config_write_same CAP_SYS_ADMIN @ capable freeze_super CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check put_mnt_ns CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check vm_stat_account CAP_IPC_LOCK @ capable proc_sys_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check kernfs_dop_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check pid_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfat_revalidate CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check _dev_notice CAP_SYS_ADMIN @ capable security_inode_rename CAP_FOWNER @ capable_wrt_inode_uidgid path_openat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check handle_dots CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lookup_fast CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tty_lock CAP_SYS_MODULE @ capable unlazy_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check d_alloc_parallel CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check current_umask CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check ext4_xattr_trusted_get CAP_SYS_ADMIN @ capable security_msg_queue_msgrcv CAP_IPC_OWNER @ ns_capable nfs_atomic_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_task_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check register_netdevice CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check simple_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_sys_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_root_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check proc_map_files_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check empty_dir_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check security_shm_associate CAP_IPC_OWNER @ ns_capable rtnl_create_link CAP_NET_ADMIN @ netlink_ns_capable vfat_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check hugetlbfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check get_fs_type CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check get_order.16564 CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check dissolve_on_fput CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check security_locked_down CAP_SYS_RAWIO @ capable CAP_SYS_BOOT @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_BOOT @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable inconsistent check ramfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check bad_inode_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check nfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check alloc_file_pseudo CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check mqueue_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check drm_master_open CAP_SYS_ADMIN @ capable vfs_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tty_unlock CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check trailing_symlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check link_path_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check terminate_walk CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check getname_flags CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check filename_parentat CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check lock_rename CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check __lookup_hash CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_unlink CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check cgroup_leave_frozen CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check vfs_rmdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check inet6_addr_del CAP_NET_ADMIN @ ns_capable blkdev_write_iter CAP_SYS_ADMIN @ capable audit_log_link_denied CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sd_pr_release CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __dquot_alloc_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_link CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check tty_ldisc_reinit CAP_SYS_MODULE @ capable filename_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sd_pr_reserve CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable __dquot_free_space CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_mkdir CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check sd_pr_clear CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable vfs_create CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check vfs_tmpfile CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check finish_open CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check shmem_unlock_mapping CAP_IPC_LOCK @ ns_capable security_sb_kern_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check proc_tgid_net_lookup CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check put_old_itimerspec32 CAP_WAKE_ALARM @ capable percpu_ref_init CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check mq_walk CAP_NET_ADMIN @ netlink_ns_capable kthread_stop CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check destroy_local_trace_uprobe CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable enable_swap_slots_cache CAP_SYS_ADMIN @ capable sock_release CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check dquot_add_space CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable user_path_mountpoint_at CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check vfs_create_mount CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check dev_set_alias CAP_NET_ADMIN @ ns_capable udp_v6_rehash CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check ext4_xattr_user_get CAP_SYS_ADMIN @ capable shrink_dcache_parent CAP_FOWNER @ capable_wrt_inode_uidgid sr_tray_move CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable shmem_xattr_handler_get CAP_SYS_ADMIN @ capable filemap_write_and_wait CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable security_inode_getxattr CAP_SYS_ADMIN @ capable try_to_unuse CAP_SYS_ADMIN @ capable security_inode_getsecurity CAP_SYS_ADMIN @ capable security_inode_removexattr CAP_SYS_ADMIN @ capable hibernation_snapshot CAP_SYS_ADMIN @ capable __vfs_removexattr CAP_SYS_ADMIN @ capable bitmap_zalloc CAP_NET_ADMIN @ ns_capable mtrr_del_page CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable proc_alloc_inum CAP_SYS_ADMIN @ ns_capable match_string CAP_SYS_ADMIN @ capable namespace_unlock CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check mnt_warn_timestamp_expiry CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check kern_path CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check scsi_put_command CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check tcf_proto_lookup_ops CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable sr_audio_ioctl CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable __tcf_get_next_proto CAP_NET_ADMIN @ netlink_ns_capable tcf_fill_node CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable tcf_proto_destroy CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable --- Interesting Type fields and checks --- struct.md_rdev:0, CAP_SYS_ADMIN @ capable struct.block_device.284446:0, CAP_SYS_ADMIN @ capable struct.nsproxy.650920:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.amd_northbridge:0, CAP_SYS_ADMIN @ capable struct.svc_serv.809074:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.vm_area_struct.119579:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.agp_file_private:0, CAP_SYS_RAWIO @ capable struct.ipc_ops:0, CAP_IPC_OWNER @ ns_capable union.anon.21:2, CAP_IPC_OWNER @ ns_capable struct.signal_struct.243773:0, CAP_IPC_OWNER @ ns_capable struct.msg_msg:0, CAP_IPC_OWNER @ ns_capable struct.signal_struct.244199:0, CAP_IPC_OWNER @ ns_capable struct.task_struct.244247:0, CAP_IPC_OWNER @ ns_capable struct.perf_event.18992:0, CAP_SYS_ADMIN @ capable struct.work_struct:-2,-3,3, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_SYS_RESOURCE @ capable inconsistent check struct.device.27509:0, CAP_SYS_ADMIN @ capable struct.task_struct.108433:0, CAP_SYS_ADMIN @ capable struct.load_info:0, CAP_SYS_MODULE @ capable struct.task_struct.88623:0, CAP_SYS_ADMIN @ ns_capable struct.nsproxy:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.task_struct:0, CAP_IPC_LOCK @ capable CAP_WAKE_ALARM @ capable inconsistent check struct.signal_struct.339597:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.sit_net:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.pr_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.nfs4_label:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.block_device_operations.279160:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.gendisk.279209:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.simple_xattr:0, CAP_SYS_ADMIN @ ns_capable_noaudit struct.fs_struct.156849:0, CAP_DAC_READ_SEARCH @ capable struct.ext4_sb_info.183030:0, CAP_SYS_RESOURCE @ capable struct.net_device.250877:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.nsproxy.245960:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.alarm:0, CAP_WAKE_ALARM @ capable struct.tcf_filter_chain_list_item:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.tcf_block.674292:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.qspinlock:102, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.tcf_proto.674295:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.tcf_chain.674293:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.kuid_t:2, CAP_IPC_OWNER @ ns_capable struct.tty_struct.337069:0, CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.Qdisc_class_ops.674282:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.tcf_proto_ops.674294:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.pmu.105255:0, CAP_SYS_ADMIN @ capable struct.task_struct.105447:0, CAP_SYS_ADMIN @ capable struct.Qdisc_ops.674283:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.task_struct.341508:0, CAP_KILL @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable CAP_SYS_TTY_CONFIG @ capable inconsistent check struct.task_struct.189356:0, CAP_IPC_LOCK @ capable struct.ifreq:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.fs_parameter:0, CAP_SYS_ADMIN @ capable struct.task_struct.54204:0, CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable CAP_SYS_NICE @ capable struct.task_struct.162579:0, CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ has_capability_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ file_ns_capable inconsistent check struct.mnt_namespace.138601:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.sock.152229:0, CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check struct.tty_operations.337065:0, CAP_SYS_MODULE @ capable struct.key.247146:0, CAP_SYS_ADMIN @ capable struct.qstr:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.ctl_table:0, CAP_SYS_ADMIN @ capable struct.net_device.664139:0, CAP_NET_ADMIN @ capable struct.attribute:1, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.net_device.659086:0, CAP_NET_ADMIN @ ns_capable struct.pid_namespace.463:0, CAP_SYS_PACCT @ capable struct.pid_namespace.50085:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.scsi_device.524000:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.vm_area_struct:0, CAP_SYS_ADMIN @ capable struct.io_kiocb:0, CAP_SYS_ADMIN @ capable struct.task_struct.251287:0, CAP_NET_ADMIN @ ns_capable struct.task_struct.339648:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.task_struct.138679:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.task_struct.96680:0, CAP_SYS_ADMIN @ capable struct.swap_info_struct.108231:0, CAP_SYS_ADMIN @ capable struct.net_device_ops.664068:0, CAP_NET_ADMIN @ capable struct.xattr_handler.112745:0, CAP_SYS_ADMIN @ capable struct.net_device.707029:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.xt_entry_match.748147:0, CAP_NET_ADMIN @ ns_capable struct.tty_struct.339591:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.vm_area_struct.120974:0, CAP_IPC_LOCK @ capable struct.ip_tunnel:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.Qdisc_class_ops.653894:0, CAP_NET_ADMIN @ netlink_ns_capable struct.async_list:0, CAP_SYS_ADMIN @ capable struct.request.282762:0,1, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.net.664221:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.task_struct.247461:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.sg_fd:0, CAP_SYS_RAWIO @ capable struct.ipv6_txoptions:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.fs_struct.138591:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ext4_sb_info:0, CAP_SYS_RESOURCE @ capable struct.net.659201:0, CAP_NET_ADMIN @ ns_capable struct.task_struct.43108:0, CAP_KILL @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SYS_CHROOT @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_PTRACE @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_PTRACE @ ns_capable_noaudit CAP_SYS_RESOURCE @ capable CAP_SYS_PTRACE @ ns_capable CAP_SYS_RESOURCE @ capable CAP_SYS_NICE @ ns_capable CAP_SETUID @ ns_capable_setid CAP_SYS_ADMIN @ ns_capable CAP_SYS_MODULE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.anon.107:1, CAP_SYS_ADMIN @ capable struct.net.647475:0, CAP_NET_ADMIN @ netlink_net_capable struct.fs_context.88711:0, CAP_SYS_ADMIN @ ns_capable struct.ip6t_replace:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.sem_queue:0, CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.ip6_flowlabel.779637:0, CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.nsproxy.42983:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.task_struct.50083:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.task_struct.244653:0, CAP_IPC_LOCK @ ns_capable struct.socket.152227:0, CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable inconsistent check struct.ipt_replace:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.Qdisc.653902:0, CAP_NET_ADMIN @ netlink_ns_capable struct.uart_port:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.qdisc_size_table:0, CAP_NET_ADMIN @ netlink_ns_capable struct.svc_sock:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.block_device.279324:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.Qdisc.674290:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_ns_capable struct.xt_entry_match.791972:0, CAP_NET_ADMIN @ ns_capable struct.sock.791956:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.proto.250952:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.cgroup_subsys.88852:0, CAP_SYS_ADMIN @ ns_capable struct.gendisk.528009:0, CAP_SYS_ADMIN @ capable struct.net.770423:0, CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable inconsistent check struct.packet_command:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.path.250620:0, CAP_NET_ADMIN @ ns_capable struct.Qdisc_ops.653895:0, CAP_NET_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ capable inconsistent check struct.path.156561:0, CAP_DAC_READ_SEARCH @ capable struct.task_struct.245736:0, CAP_SYS_RESOURCE @ capable struct.rtentry:0, CAP_NET_ADMIN @ ns_capable struct.kiocb.138351:0, CAP_SYS_ADMIN @ capable struct.fs_context.138693:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.vfsmount.138744:0,-2, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.cdrom_device_ops.554244:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable inconsistent check struct.xt_table.747826:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.sem_array:0, CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.io_ring_ctx:0, CAP_SYS_ADMIN @ capable struct.fib6_config.769196:0, CAP_NET_ADMIN @ ns_capable struct.path.138745:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.net_device.657312:0, CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.gendisk.108229:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.scsi_host_template.524008:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.super_operations.134948:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.block_device.108230:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.agp_controller:0, CAP_SYS_RAWIO @ capable struct.ipv6_pinfo.765460:0, CAP_NET_ADMIN @ ns_capable struct.net_device.653918:0, CAP_NET_ADMIN @ netlink_ns_capable struct.task_struct.647610:0, CAP_IPC_LOCK @ capable struct.mddev:0, CAP_SYS_ADMIN @ capable struct.Scsi_Host.524014:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.xt_match.748138:0, CAP_NET_ADMIN @ ns_capable struct.net.657217:0, CAP_NET_ADMIN @ netlink_ns_capable struct.scsi_device:0, CAP_SYS_RAWIO @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.tty_ldisc_ops.337070:0, CAP_SYS_MODULE @ capable struct.sg_request:0, CAP_SYS_RAWIO @ capable struct.check_loop_arg:0, CAP_NET_ADMIN @ netlink_ns_capable struct.xt_match.791963:0, CAP_NET_ADMIN @ ns_capable struct.xt_target.748141:0, CAP_NET_ADMIN @ ns_capable struct.xt_target.791966:0, CAP_NET_ADMIN @ ns_capable struct.ptp_clock_info.590237:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.task_struct.243821:0, CAP_IPC_OWNER @ ns_capable struct.uart_state:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.net.706629:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.dst_entry.706562:0, CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable struct.coredump_params.49108:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check struct.net_device_ops.657235:0, CAP_NET_ADMIN @ netlink_capable CAP_NET_ADMIN @ netlink_ns_capable inconsistent check struct.sock.245448:0, CAP_NET_ADMIN @ netlink_net_capable struct.nfnetlink_subsystem:0, CAP_NET_ADMIN @ netlink_net_capable struct.nfnl_err:0, CAP_NET_ADMIN @ netlink_net_capable struct.net.245522:0, CAP_SYS_ADMIN @ netlink_ns_capable CAP_NET_ADMIN @ netlink_net_capable inconsistent check struct.ip_tunnel_net:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.xt_table.791644:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.packet_fanout:0, CAP_NET_RAW @ ns_capable struct.drm_device.363299:0, CAP_SYS_ADMIN @ capable struct.drm_driver.363260:0, CAP_SYS_ADMIN @ capable struct.nsproxy.49829:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.drm_file.363302:0, CAP_SYS_ADMIN @ capable struct.task_struct.119676:0, CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable CAP_IPC_LOCK @ capable struct.fib_config:0, CAP_NET_ADMIN @ ns_capable struct.ext4_sb_info.179720:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.signal_struct.43021:0, CAP_KILL @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.kernel_clone_args:0, CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.task_struct.156929:0, CAP_DAC_READ_SEARCH @ capable struct.task_struct.112690:0, CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_ADMIN @ capable CAP_SYS_RESOURCE @ capable CAP_SYS_RESOURCE @ capable inconsistent check struct.nameidata:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check struct.vm_area_struct.43118:0, CAP_SYS_RESOURCE @ capable struct.rtnl_link_ops.657309:0, CAP_NET_ADMIN @ netlink_ns_capable struct.perf_event.105278:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.header_ops.250799:0, CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable CAP_SYS_RAWIO @ capable struct.perf_event_context.105253:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.k_itimer:0, CAP_WAKE_ALARM @ capable struct.trace_event_call.100728:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.netdev_rx_queue.664102:0, CAP_NET_ADMIN @ capable struct.kern_ipc_perm:1, CAP_IPC_OWNER @ ns_capable CAP_IPC_LOCK @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.pps_device:0, CAP_SYS_TIME @ capable CAP_SYS_TIME @ capable struct.net.251046:0, CAP_NET_RAW @ ns_capable struct.uart_ops:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable struct.sock.748131:0, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable struct.wake_q_head:0, CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.sock.706927:0,1, CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable CAP_NET_RAW @ ns_capable inconsistent check struct.cgroup_root.88845:0, CAP_SYS_ADMIN @ ns_capable struct.msg_receiver:0, CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.msg_sender:0, CAP_IPC_OWNER @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.netdev_queue.653889:0, CAP_NET_ADMIN @ netlink_ns_capable struct.nsproxy.88578:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable struct.uevent_sock:0, CAP_SYS_ADMIN @ netlink_ns_capable struct.netlink_dump_control.761249:0, CAP_NET_ADMIN @ netlink_net_capable struct.sock.250976:1,0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.task_struct.134185:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check struct.cgroup.88849:0, CAP_SYS_ADMIN @ capable struct.task_struct.11557:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check struct.ksignal:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_FOWNER @ capable_wrt_inode_uidgid inconsistent check struct.nsproxy.138627:0, CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_CHROOT @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.sg_io_hdr:0, CAP_SYS_RAWIO @ capable struct.iocb:0, CAP_SYS_ADMIN @ capable struct.task_struct.152473:0, CAP_SYS_ADMIN @ capable CAP_IPC_LOCK @ capable CAP_SYS_ADMIN @ capable inconsistent check struct.cred:0, CAP_IPC_LOCK @ capable CAP_SETUID @ ns_capable_setid CAP_SETUID @ ns_capable_setid CAP_IPC_LOCK @ ns_capable CAP_SETGID @ ns_capable CAP_IPC_LOCK @ capable inconsistent check struct.socket.250973:0, CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ capable CAP_NET_ADMIN @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable CAP_NET_ADMIN @ capable CAP_NET_RAW @ ns_capable inconsistent check struct.cgroup_fs_context.88930:0, CAP_SYS_ADMIN @ ns_capable struct.super_operations.138702:0, CAP_SYS_ADMIN @ capable CAP_SYS_ADMIN @ ns_capable CAP_SYS_ADMIN @ ns_capable inconsistent check struct.path.134262:0, CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid CAP_DAC_OVERRIDE @ capable_wrt_inode_uidgid CAP_DAC_READ_SEARCH @ capable_wrt_inode_uidgid inconsistent check Run Analysis, Threads:1 Critical functions Check Use of Function:efivar_entry_iter_begin Check Use of Function:efivar_entry_find Check Use of Function:efivar_entry_iter_end Check Use of Function:nd_jump_link Check Use of Function:super_90_load Check Use of Function:bdevname Check Use of Function:mddev_unlock Check Use of Function:do_md_stop Check Use of Function:bind_rdev_to_array Check Use of Function:md_rdev_clear Check Use of Function:do_md_run Check Use of Function:blk_rq_init Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 __ia32_sys_fadvise64 ------------- Path:  Function:__ia32_sys_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = trunc i64 %11 to i32 %14 = tail call i64 @__fdget(i32 %12) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.109793* %17 = icmp eq i64 %15, 0 br i1 %17, label %34, label %18 %19 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %16, i64 0, i32 3 %20 = load %struct.file_operations.109782*, %struct.file_operations.109782** %19, align 8 %21 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %20, i64 0, i32 31 %22 = bitcast {}** %21 to i32 (%struct.file.109793*, i64, i64, i32)** %23 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %22, align 8 %24 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %23, null br i1 %24, label %27, label %25 %28 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %16, i64 %6, i64 %9, i32 %13) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 __x64_sys_fadvise64 ------------- Path:  Function:__x64_sys_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %9 to i32 %12 = tail call i64 @__fdget(i32 %10) #69 %13 = and i64 %12, -4 %14 = inttoptr i64 %13 to %struct.file.109793* %15 = icmp eq i64 %13, 0 br i1 %15, label %32, label %16 %17 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %14, i64 0, i32 3 %18 = load %struct.file_operations.109782*, %struct.file_operations.109782** %17, align 8 %19 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %18, i64 0, i32 31 %20 = bitcast {}** %19 to i32 (%struct.file.109793*, i64, i64, i32)** %21 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %20, align 8 %22 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %21, null br i1 %22, label %25, label %23 %26 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %14, i64 %5, i64 %7, i32 %11) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 __ia32_sys_fadvise64_64 ------------- Path:  Function:__ia32_sys_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = trunc i64 %11 to i32 %14 = tail call i64 @__fdget(i32 %12) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.109793* %17 = icmp eq i64 %15, 0 br i1 %17, label %34, label %18 %19 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %16, i64 0, i32 3 %20 = load %struct.file_operations.109782*, %struct.file_operations.109782** %19, align 8 %21 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %20, i64 0, i32 31 %22 = bitcast {}** %21 to i32 (%struct.file.109793*, i64, i64, i32)** %23 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %22, align 8 %24 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %23, null br i1 %24, label %27, label %25 %28 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %16, i64 %6, i64 %9, i32 %13) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 __x64_sys_fadvise64_64 ------------- Path:  Function:__x64_sys_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %9 to i32 %12 = tail call i64 @__fdget(i32 %10) #69 %13 = and i64 %12, -4 %14 = inttoptr i64 %13 to %struct.file.109793* %15 = icmp eq i64 %13, 0 br i1 %15, label %32, label %16 %17 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %14, i64 0, i32 3 %18 = load %struct.file_operations.109782*, %struct.file_operations.109782** %17, align 8 %19 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %18, i64 0, i32 31 %20 = bitcast {}** %19 to i32 (%struct.file.109793*, i64, i64, i32)** %21 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %20, align 8 %22 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %21, null br i1 %22, label %25, label %23 %26 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %14, i64 %5, i64 %7, i32 %11) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 ksys_fadvise64_64 13 __ia32_compat_sys_x86_fadvise64_64 ------------- Path:  Function:__ia32_compat_sys_x86_fadvise64_64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %15 to i32 %18 = shl i64 %8, 32 %19 = or i64 %18, %6 %20 = shl i64 %13, 32 %21 = or i64 %20, %11 %22 = tail call i32 @ksys_fadvise64_64(i32 %16, i64 %19, i64 %21, i32 %17) #69 Function:ksys_fadvise64_64 %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.109793* %8 = icmp eq i64 %6, 0 br i1 %8, label %25, label %9 %10 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %7, i64 0, i32 3 %11 = load %struct.file_operations.109782*, %struct.file_operations.109782** %10, align 8 %12 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %11, i64 0, i32 31 %13 = bitcast {}** %12 to i32 (%struct.file.109793*, i64, i64, i32)** %14 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %13, align 8 %15 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %14, null br i1 %15, label %18, label %16 %19 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %7, i64 %1, i64 %2, i32 %3) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 ksys_fadvise64_64 13 __ia32_compat_sys_x86_fadvise64 ------------- Path:  Function:__ia32_compat_sys_x86_fadvise64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %13 to i32 %16 = shl i64 %8, 32 %17 = or i64 %16, %6 %18 = tail call i32 @ksys_fadvise64_64(i32 %14, i64 %17, i64 %11, i32 %15) #69 Function:ksys_fadvise64_64 %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.109793* %8 = icmp eq i64 %6, 0 br i1 %8, label %25, label %9 %10 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %7, i64 0, i32 3 %11 = load %struct.file_operations.109782*, %struct.file_operations.109782** %10, align 8 %12 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %11, i64 0, i32 31 %13 = bitcast {}** %12 to i32 (%struct.file.109793*, i64, i64, i32)** %14 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %13, align 8 %15 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %14, null br i1 %15, label %18, label %16 %19 = tail call i32 @generic_fadvise(%struct.file.109793* nonnull %7, i64 %1, i64 %2, i32 %3) #69 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 vfs_fadvise 13 __se_sys_madvise 14 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %123 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %124 = load %struct.file.125060*, %struct.file.125060** %123, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %125 = icmp eq %struct.file.125060* %124, null br i1 %125, label %126, label %131 %132 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %124, i64 0, i32 19 %133 = load %struct.address_space.125290*, %struct.address_space.125290** %132, align 8 %134 = call zeroext i1 bitcast (i1 (%struct.address_space.112620*)* @shmem_mapping to i1 (%struct.address_space.125290*)*)(%struct.address_space.125290* %133) #69 br i1 %134, label %135, label %189 store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %190 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %124, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %190, i64* %190) #6, !srcloc !5 %191 = load i64, i64* %76, align 8 %192 = sub i64 %83, %191 %193 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %194 = load i64, i64* %193, align 8 %195 = shl i64 %194, 12 %196 = add i64 %192, %195 %197 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %198 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %197, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %198) #69 %199 = sub i64 %87, %83 %200 = call i32 bitcast (i32 (%struct.file.109793*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.125060*, i64, i64, i32)*)(%struct.file.125060* nonnull %124, i64 %196, i64 %199, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 3 %6 = load %struct.file_operations.109782*, %struct.file_operations.109782** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.109793*, i64, i64, i32)** %9 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = tail call i32 @generic_fadvise(%struct.file.109793* %0, i64 %1, i64 %2, i32 %3) #70 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 vfs_fadvise 13 __se_sys_madvise 14 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %123 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %124 = load %struct.file.125060*, %struct.file.125060** %123, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %125 = icmp eq %struct.file.125060* %124, null br i1 %125, label %126, label %131 %132 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %124, i64 0, i32 19 %133 = load %struct.address_space.125290*, %struct.address_space.125290** %132, align 8 %134 = call zeroext i1 bitcast (i1 (%struct.address_space.112620*)* @shmem_mapping to i1 (%struct.address_space.125290*)*)(%struct.address_space.125290* %133) #69 br i1 %134, label %135, label %189 store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %190 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %124, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %190, i64* %190) #6, !srcloc !5 %191 = load i64, i64* %76, align 8 %192 = sub i64 %83, %191 %193 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %194 = load i64, i64* %193, align 8 %195 = shl i64 %194, 12 %196 = add i64 %192, %195 %197 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %198 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %197, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %198) #69 %199 = sub i64 %87, %83 %200 = call i32 bitcast (i32 (%struct.file.109793*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.125060*, i64, i64, i32)*)(%struct.file.125060* nonnull %124, i64 %196, i64 %199, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 3 %6 = load %struct.file_operations.109782*, %struct.file_operations.109782** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.109793*, i64, i64, i32)** %9 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = tail call i32 @generic_fadvise(%struct.file.109793* %0, i64 %1, i64 %2, i32 %3) #70 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 vfs_fadvise 13 __ia32_sys_readahead ------------- Path:  Function:__ia32_sys_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.108469* %14 = icmp eq i64 %12, 0 br i1 %14, label %38, label %15 %16 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %13, i64 0, i32 8 %17 = load i32, i32* %16, align 4 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %38, label %20 %21 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %13, i64 0, i32 19 %22 = load %struct.address_space.108233*, %struct.address_space.108233** %21, align 8 %23 = icmp eq %struct.address_space.108233* %22, null br i1 %23, label %38, label %24 %25 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %22, i64 0, i32 9 %26 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %25, align 8 %27 = icmp eq %struct.address_space_operations.108232* %26, null br i1 %27, label %38, label %28 %29 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %13, i64 0, i32 2 %30 = load %struct.inode.108461*, %struct.inode.108461** %29, align 8 %31 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %30, i64 0, i32 0 %32 = load i16, i16* %31, align 8 %33 = and i16 %32, -4096 %34 = icmp eq i16 %33, -32768 br i1 %34, label %35, label %38 %36 = tail call i32 bitcast (i32 (%struct.file.109793*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.108469*, i64, i64, i32)*)(%struct.file.108469* nonnull %13, i64 %6, i64 %9, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 3 %6 = load %struct.file_operations.109782*, %struct.file_operations.109782** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.109793*, i64, i64, i32)** %9 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = tail call i32 @generic_fadvise(%struct.file.109793* %0, i64 %1, i64 %2, i32 %3) #70 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 vfs_fadvise 13 __x64_sys_readahead ------------- Path:  Function:__x64_sys_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = tail call i64 @__fdget(i32 %8) #69 %10 = and i64 %9, -4 %11 = inttoptr i64 %10 to %struct.file.108469* %12 = icmp eq i64 %10, 0 br i1 %12, label %36, label %13 %14 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %11, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 1 %17 = icmp eq i32 %16, 0 br i1 %17, label %36, label %18 %19 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %11, i64 0, i32 19 %20 = load %struct.address_space.108233*, %struct.address_space.108233** %19, align 8 %21 = icmp eq %struct.address_space.108233* %20, null br i1 %21, label %36, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %20, i64 0, i32 9 %24 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %23, align 8 %25 = icmp eq %struct.address_space_operations.108232* %24, null br i1 %25, label %36, label %26 %27 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %11, i64 0, i32 2 %28 = load %struct.inode.108461*, %struct.inode.108461** %27, align 8 %29 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %28, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %36 %34 = tail call i32 bitcast (i32 (%struct.file.109793*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.108469*, i64, i64, i32)*)(%struct.file.108469* nonnull %11, i64 %5, i64 %7, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 3 %6 = load %struct.file_operations.109782*, %struct.file_operations.109782** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.109793*, i64, i64, i32)** %9 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = tail call i32 @generic_fadvise(%struct.file.109793* %0, i64 %1, i64 %2, i32 %3) #70 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 read_pages 9 __do_page_cache_readahead 10 force_page_cache_readahead 11 generic_fadvise 12 vfs_fadvise 13 ksys_readahead 14 __ia32_compat_sys_x86_readahead ------------- Path:  Function:__ia32_compat_sys_x86_readahead %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = shl i64 %8, 32 %14 = or i64 %13, %6 %15 = tail call i64 @ksys_readahead(i32 %12, i64 %14, i64 %11) #69 Function:ksys_readahead %4 = tail call i64 @__fdget(i32 %0) #69 %5 = and i64 %4, -4 %6 = inttoptr i64 %5 to %struct.file.108469* %7 = icmp eq i64 %5, 0 br i1 %7, label %31, label %8 %9 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %6, i64 0, i32 8 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 1 %12 = icmp eq i32 %11, 0 br i1 %12, label %31, label %13 %14 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %6, i64 0, i32 19 %15 = load %struct.address_space.108233*, %struct.address_space.108233** %14, align 8 %16 = icmp eq %struct.address_space.108233* %15, null br i1 %16, label %31, label %17 %18 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %15, i64 0, i32 9 %19 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %18, align 8 %20 = icmp eq %struct.address_space_operations.108232* %19, null br i1 %20, label %31, label %21 %22 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %6, i64 0, i32 2 %23 = load %struct.inode.108461*, %struct.inode.108461** %22, align 8 %24 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %23, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %28, label %31 %29 = tail call i32 bitcast (i32 (%struct.file.109793*, i64, i64, i32)* @vfs_fadvise to i32 (%struct.file.108469*, i64, i64, i32)*)(%struct.file.108469* nonnull %6, i64 %1, i64 %2, i32 3) #69 Function:vfs_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 3 %6 = load %struct.file_operations.109782*, %struct.file_operations.109782** %5, align 8 %7 = getelementptr inbounds %struct.file_operations.109782, %struct.file_operations.109782* %6, i64 0, i32 31 %8 = bitcast {}** %7 to i32 (%struct.file.109793*, i64, i64, i32)** %9 = load i32 (%struct.file.109793*, i64, i64, i32)*, i32 (%struct.file.109793*, i64, i64, i32)** %8, align 8 %10 = icmp eq i32 (%struct.file.109793*, i64, i64, i32)* %9, null br i1 %10, label %13, label %11 %14 = tail call i32 @generic_fadvise(%struct.file.109793* %0, i64 %1, i64 %2, i32 %3) #70 Function:generic_fadvise %5 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 2 %6 = load %struct.inode.109786*, %struct.inode.109786** %5, align 8 %7 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %6, i64 0, i32 0 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, -4096 %10 = icmp eq i16 %9, 4096 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.file.109793, %struct.file.109793* %0, i64 0, i32 19 %13 = load %struct.address_space.109549*, %struct.address_space.109549** %12, align 8 %14 = icmp eq %struct.address_space.109549* %13, null %15 = icmp slt i64 %2, 0 %16 = or i1 %15, %14 br i1 %16, label %147, label %17 %18 = getelementptr inbounds %struct.address_space.109549, %struct.address_space.109549* %13, i64 0, i32 0 %19 = load %struct.inode.109786*, %struct.inode.109786** %18, align 8 %20 = icmp eq %struct.inode.109786* %19, null br i1 %20, label %35, label %21 %22 = getelementptr inbounds %struct.inode.109786, %struct.inode.109786* %19, i64 0, i32 8 %23 = load %struct.super_block.109772*, %struct.super_block.109772** %22, align 8 %24 = load %struct.super_block.109772*, %struct.super_block.109772** bitcast (%struct.super_block.112763** @blockdev_superblock to %struct.super_block.109772**), align 8 %25 = icmp eq %struct.super_block.109772* %24, %23 br i1 %25, label %26, label %29 %27 = tail call %struct.block_device.109546* bitcast (%struct.block_device.112609* (%struct.inode.112777*)* @I_BDEV to %struct.block_device.109546* (%struct.inode.109786*)*)(%struct.inode.109786* nonnull %19) #69 %28 = getelementptr inbounds %struct.block_device.109546, %struct.block_device.109546* %27, i64 0, i32 18 br label %31 %32 = phi %struct.backing_dev_info.109831** [ %28, %26 ], [ %30, %29 ] %33 = load %struct.backing_dev_info.109831*, %struct.backing_dev_info.109831** %32, align 8 %34 = icmp eq %struct.backing_dev_info.109831* %33, bitcast (%struct.backing_dev_info.108215* @noop_backing_dev_info to %struct.backing_dev_info.109831*) br i1 %34, label %35, label %38 %39 = add i64 %2, %1 %40 = icmp eq i64 %2, 0 %41 = icmp slt i64 %39, %2 %42 = or i1 %40, %41 %43 = add i64 %39, -1 %44 = select i1 %42, i64 -1, i64 %43 switch i32 %3, label %147 [ i32 0, label %45 i32 1, label %56 i32 2, label %63 i32 3, label %75 i32 5, label %146 i32 4, label %83 ] %76 = ashr i64 %1, 12 %77 = ashr i64 %44, 12 %78 = sub nsw i64 %77, %76 %79 = add nsw i64 %78, 1 %80 = icmp eq i64 %79, 0 %81 = select i1 %80, i64 -1, i64 %79 %82 = tail call i32 bitcast (i32 (%struct.address_space.108233*, %struct.file.108469*, i64, i64)* @force_page_cache_readahead to i32 (%struct.address_space.109549*, %struct.file.109793*, i64, i64)*)(%struct.address_space.109549* nonnull %13, %struct.file.109793* %0, i64 %76, i64 %81) #69 Function:force_page_cache_readahead %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %6 = load %struct.inode.108461*, %struct.inode.108461** %5, align 8 %7 = icmp eq %struct.inode.108461* %6, null br i1 %7, label %20, label %8 %21 = phi %struct.backing_dev_info.108215* [ %16, %13 ], [ %19, %17 ], [ @noop_backing_dev_info, %4 ] %22 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %23 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %22, align 8 %24 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 1 %25 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %24, align 8 %26 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %23, i64 0, i32 4 %29 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %28, align 8 %30 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %29, null br i1 %30, label %51, label %31, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.backing_dev_info.108215, %struct.backing_dev_info.108215* %21, i64 0, i32 4 %33 = load i64, i64* %32, align 8 %34 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %1, i64 0, i32 13, i32 3 %35 = load i32, i32* %34, align 8 %36 = zext i32 %35 to i64 %37 = icmp ugt i64 %33, %36 %38 = select i1 %37, i64 %33, i64 %36 %39 = icmp ugt i64 %38, %3 %40 = select i1 %39, i64 %3, i64 %38 %41 = icmp eq i64 %40, 0 br i1 %41, label %51, label %42 %43 = phi i64 [ %48, %42 ], [ %2, %31 ] %44 = phi i64 [ %49, %42 ], [ %40, %31 ] %45 = icmp ult i64 %44, 512 %46 = select i1 %45, i64 %44, i64 512 %47 = tail call i32 @__do_page_cache_readahead(%struct.address_space.108233* %0, %struct.file.108469* %1, i64 %43, i64 %46, i64 0) #70 Function:__do_page_cache_readahead %6 = alloca %struct.list_head, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = bitcast %struct.list_head* %6 to i8* %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 0 store %struct.list_head* %6, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.list_head, %struct.list_head* %6, i64 0, i32 1 store %struct.list_head* %6, %struct.list_head** %11, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 2 %15 = load i32, i32* %14, align 8 %16 = or i32 %15, 73728 %17 = icmp eq i64 %13, 0 br i1 %17, label %75, label %18 %19 = add i64 %13, -1 %20 = ashr i64 %19, 12 %21 = icmp eq i64 %3, 0 br i1 %21, label %68, label %22 %23 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 1 %24 = bitcast %struct.list_head* %6 to i64* %25 = sub i64 %3, %4 br label %26 %27 = phi i64 [ 0, %22 ], [ %62, %59 ] %28 = phi i32 [ 0, %22 ], [ %61, %59 ] %29 = phi i32 [ 0, %22 ], [ %60, %59 ] %30 = add i64 %27, %2 %31 = icmp ugt i64 %30, %20 br i1 %31, label %64, label %32 %33 = call i8* @xa_load(%struct.xarray* %23, i64 %30) #69 %34 = icmp eq i8* %33, null br i1 %34, label %42, label %35 %36 = ptrtoint i8* %33 to i64 %37 = and i64 %36, 1 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %42 %43 = call %struct.page.108237* @__page_cache_alloc(i32 %16) #69 %44 = icmp eq %struct.page.108237* %43, null br i1 %44, label %64, label %45 %46 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 2 store i64 %30, i64* %46, align 8 %47 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0 %48 = load %struct.list_head*, %struct.list_head** %10, align 8 %49 = getelementptr inbounds %struct.list_head, %struct.list_head* %48, i64 0, i32 1 store %struct.list_head* %47, %struct.list_head** %49, align 8 %50 = getelementptr inbounds %struct.list_head, %struct.list_head* %47, i64 0, i32 0 store %struct.list_head* %48, %struct.list_head** %50, align 8 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %43, i64 0, i32 1, i32 0, i32 0, i32 1 store %struct.list_head* %6, %struct.list_head** %51, align 8 %52 = ptrtoint %struct.list_head* %47 to i64 store volatile i64 %52, i64* %24, align 8 %53 = icmp eq i64 %25, %27 br i1 %53, label %54, label %57 %55 = bitcast %struct.page.108237* %43 to i8* %56 = getelementptr i8, i8* %55, i64 2 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %56, i8 4, i8* %56) #6, !srcloc !4 br label %57 %58 = add i32 %29, 1 br label %59 %60 = phi i32 [ 0, %41 ], [ 0, %39 ], [ %58, %57 ] %61 = add i32 %28, 1 %62 = sext i32 %61 to i64 %63 = icmp ult i64 %62, %3 br i1 %63, label %26, label %64 %65 = phi i32 [ %60, %59 ], [ %29, %42 ], [ %29, %26 ] %66 = icmp eq i32 %65, 0 br i1 %66, label %68, label %67 call fastcc void @read_pages(%struct.address_space.108233* %0, %struct.file.108469* %1, %struct.list_head* nonnull %6, i32 %65, i32 %16) #70 Function:read_pages %6 = alloca %struct.blk_plug, align 8 %7 = bitcast %struct.blk_plug* %6 to i8* call void @blk_start_plug(%struct.blk_plug* nonnull %6) #69 %8 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %0, i64 0, i32 9 %9 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %8, align 8 %10 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %9, i64 0, i32 4 %11 = load i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)*, i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)** %10, align 8 %12 = icmp eq i32 (%struct.file.108469*, %struct.address_space.108233*, %struct.list_head*, i32)* %11, null br i1 %12, label %13, label %18 %14 = icmp eq i32 %3, 0 br i1 %14, label %59, label %15 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 %17 = bitcast %struct.list_head** %16 to i8** br label %20 %21 = phi i32 [ 0, %15 ], [ %57, %56 ] %22 = load i8*, i8** %17, align 8 %23 = getelementptr i8, i8* %22, i64 -8 %24 = bitcast i8* %23 to %struct.page.108237* %25 = getelementptr inbounds i8, i8* %22, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 %28 = bitcast i8* %22 to %struct.list_head** %29 = load %struct.list_head*, %struct.list_head** %28, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 1 store %struct.list_head* %27, %struct.list_head** %30, align 8 %31 = ptrtoint %struct.list_head* %29 to i64 %32 = bitcast %struct.list_head* %27 to i64* store volatile i64 %31, i64* %32, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %28, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %26, align 8 %33 = getelementptr inbounds i8, i8* %22, i64 24 %34 = bitcast i8* %33 to i64* %35 = load i64, i64* %34, align 8 %36 = call i32 @add_to_page_cache_lru(%struct.page.108237* %24, %struct.address_space.108233* %0, i64 %35, i32 %4) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %43 %44 = bitcast i8* %22 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 1 %47 = icmp eq i64 %46, 0 %48 = add i64 %45, -1 %49 = inttoptr i64 %48 to %struct.page.108237* %50 = select i1 %47, %struct.page.108237* %24, %struct.page.108237* %49, !prof !4 %51 = getelementptr inbounds %struct.page.108237, %struct.page.108237* %50, i64 0, i32 3, i32 0 %52 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %51, i32* %51) #6, !srcloc !5 %53 = and i8 %52, 1 %54 = icmp eq i8 %53, 0 br i1 %54, label %56, label %55 %57 = add nuw i32 %21, 1 %58 = icmp eq i32 %57, %3 br i1 %58, label %59, label %20 call void @blk_finish_plug(%struct.blk_plug* nonnull %6) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 __se_sys_io_submit 9 __ia32_sys_io_submit ------------- Path:  Function:__ia32_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_io_submit(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #69 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %71, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 16 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 __se_sys_io_submit 9 __x64_sys_io_submit ------------- Path:  Function:__x64_sys_io_submit %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_io_submit(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_io_submit %4 = alloca %struct.blk_plug, align 8 %5 = inttoptr i64 %2 to %struct.iocb** %6 = bitcast %struct.blk_plug* %4 to i8* %7 = icmp sgt i64 %1, -1 br i1 %7, label %8, label %71, !prof !4, !misexpect !5 %9 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %0) #69 %10 = icmp eq %struct.kioctx* %9, null br i1 %10, label %71, label %11, !prof !6, !misexpect !5 %12 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 16 %14 = zext i32 %13 to i64 %15 = icmp slt i64 %14, %1 %16 = select i1 %15, i64 %14, i64 %1 %17 = icmp sgt i64 %16, 2 br i1 %17, label %18, label %19 %20 = icmp sgt i64 %16, 0 br i1 %20, label %21, label %49 br label %22 %23 = phi i64 [ %40, %38 ], [ 0, %21 ] %24 = phi i32 [ %39, %38 ], [ 0, %21 ] %26 = getelementptr %struct.iocb*, %struct.iocb** %5, i64 %23 %27 = call { %struct.iocb**, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(%struct.iocb** %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { %struct.iocb**, i64, i64 } %27, 0 %29 = extractvalue { %struct.iocb**, i64, i64 } %27, 2 %30 = ptrtoint %struct.iocb** %28 to i64 %31 = and i64 %30, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %44, !prof !4, !misexpect !5 %34 = extractvalue { %struct.iocb**, i64, i64 } %27, 1 %35 = inttoptr i64 %34 to %struct.iocb* %36 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %9, %struct.iocb* %35, i1 zeroext false) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %42 %39 = add i32 %24, 1 %40 = sext i32 %39 to i64 %41 = icmp sgt i64 %16, %40 br i1 %41, label %22, label %44 %45 = phi i32 [ %24, %42 ], [ %39, %38 ], [ %24, %22 ] %46 = phi i64 [ %23, %42 ], [ %40, %38 ], [ %23, %22 ] %47 = phi i64 [ %43, %42 ], [ 0, %38 ], [ -14, %22 ] br i1 %17, label %48, label %49 call void @blk_finish_plug(%struct.blk_plug* nonnull %4) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_finish_plug 8 __ia32_compat_sys_io_submit ------------- Path:  Function:__ia32_compat_sys_io_submit %2 = alloca %struct.blk_plug, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %6 to i32 %11 = inttoptr i64 %9 to i32* %12 = bitcast %struct.blk_plug* %2 to i8* %13 = icmp sgt i32 %10, -1 br i1 %13, label %14, label %79, !prof !4, !misexpect !5 %15 = and i64 %4, 4294967295 %16 = tail call fastcc %struct.kioctx* @lookup_ioctx(i64 %15) #69 %17 = icmp eq %struct.kioctx* %16, null br i1 %17, label %79, label %18, !prof !6, !misexpect !5 %19 = getelementptr inbounds %struct.kioctx, %struct.kioctx* %16, i64 0, i32 7 %20 = load i32, i32* %19, align 16 %21 = icmp ult i32 %20, %10 %22 = select i1 %21, i32 %20, i32 %10 %23 = icmp sgt i32 %22, 2 br i1 %23, label %24, label %25 %26 = icmp sgt i32 %22, 0 br i1 %26, label %27, label %57 %28 = zext i32 %22 to i64 br label %29 %30 = phi i64 [ 0, %27 ], [ %46, %45 ] %32 = getelementptr i32, i32* %11, i64 %30 %33 = call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %32, i64 4, i64 %31) #6, !srcloc !7 %34 = extractvalue { i32*, i64, i64 } %33, 0 %35 = extractvalue { i32*, i64, i64 } %33, 2 %36 = ptrtoint i32* %34 to i64 %37 = and i64 %36, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %51, !prof !4, !misexpect !5 %40 = extractvalue { i32*, i64, i64 } %33, 1 %41 = and i64 %40, 4294967295 %42 = inttoptr i64 %41 to %struct.iocb* %43 = call fastcc i32 @io_submit_one(%struct.kioctx* nonnull %16, %struct.iocb* %42, i1 zeroext true) #69 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %48 %46 = add nuw nsw i64 %30, 1 %47 = icmp eq i64 %46, %28 br i1 %47, label %53, label %29 %54 = phi i32 [ %49, %48 ], [ %52, %51 ], [ %22, %45 ] %55 = phi i64 [ %50, %48 ], [ -14, %51 ], [ 0, %45 ] br i1 %23, label %56, label %57 call void @blk_finish_plug(%struct.blk_plug* nonnull %2) #69 Function:blk_finish_plug %2 = alloca %struct.list_head, align 8 %3 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %3, i64 0, i32 111 %5 = load %struct.blk_plug*, %struct.blk_plug** %4, align 8 %6 = icmp eq %struct.blk_plug* %5, %0 br i1 %6, label %7, label %59 %8 = bitcast %struct.list_head* %2 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %12 = bitcast %struct.list_head* %11 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %51, label %16 %17 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %18 = ptrtoint %struct.list_head* %11 to i64 %19 = bitcast %struct.list_head* %2 to i64* br label %24 %25 = load volatile i64, i64* %12, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %11, %26 br i1 %27, label %32, label %28 %29 = load %struct.list_head*, %struct.list_head** %17, align 8 %30 = getelementptr inbounds %struct.list_head, %struct.list_head* %26, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %30, align 8 store %struct.list_head* %26, %struct.list_head** %9, align 8 %31 = getelementptr inbounds %struct.list_head, %struct.list_head* %29, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %31, align 8 store %struct.list_head* %29, %struct.list_head** %10, align 8 store volatile i64 %18, i64* %12, align 8 store %struct.list_head* %11, %struct.list_head** %17, align 8 br label %32 %33 = load volatile i64, i64* %19, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %2, %34 br i1 %35, label %20, label %36 %37 = phi i64 [ %48, %36 ], [ %33, %32 ] %38 = inttoptr i64 %37 to %struct.blk_plug_cb* %39 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 1 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 0, i32 0 %42 = load %struct.list_head*, %struct.list_head** %41, align 8 %43 = getelementptr inbounds %struct.list_head, %struct.list_head* %42, i64 0, i32 1 store %struct.list_head* %40, %struct.list_head** %43, align 8 %44 = ptrtoint %struct.list_head* %42 to i64 %45 = bitcast %struct.list_head* %40 to i64* store volatile i64 %44, i64* %45, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %39, align 8 %46 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %38, i64 0, i32 1 %47 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %46, align 8 call void %47(%struct.blk_plug_cb* %38, i1 zeroext false) #69 %48 = load volatile i64, i64* %19, align 8 %49 = inttoptr i64 %48 to %struct.list_head* %50 = icmp eq %struct.list_head* %2, %49 br i1 %50, label %20, label %36 %21 = load volatile i64, i64* %12, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %11, %22 br i1 %23, label %51, label %24 %52 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %53 = bitcast %struct.blk_plug* %0 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = inttoptr i64 %54 to %struct.list_head* %56 = icmp eq %struct.list_head* %52, %55 br i1 %56, label %58, label %57 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext false) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 blk_poll 9 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr %struct.inode.112777, %struct.inode.112777* %8, i64 -1, i32 40 %10 = getelementptr inbounds %struct.file_lock_context*, %struct.file_lock_context** %9, i64 16 %11 = bitcast %struct.file_lock_context** %10 to %struct.gendisk.112631** %12 = load %struct.gendisk.112631*, %struct.gendisk.112631** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.112631, %struct.gendisk.112631* %12, i64 0, i32 10 %14 = load %struct.request_queue.112608*, %struct.request_queue.112608** %13, align 8 %15 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 7 %16 = load volatile i32, i32* %15, align 4 %17 = tail call i32 bitcast (i32 (%struct.request_queue.272970*, i32, i1)* @blk_poll to i32 (%struct.request_queue.112608*, i32, i1)*)(%struct.request_queue.112608* %14, i32 %16, i1 zeroext %1) #69 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.277443, align 8 %5 = alloca i64, align 8 %6 = icmp ult i32 %1, -2 br i1 %6, label %7, label %180 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 65536 %11 = icmp eq i64 %10, 0 br i1 %11, label %180, label %12 %13 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 111 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 8 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %15, i1 zeroext false) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 _nfs4_do_setattr 13 nfs4_do_setattr 14 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #69 %6 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %2, i64 0, i32 8 %21 = load %struct.file.195283*, %struct.file.195283** %20, align 8 %22 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.215562** %24 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %23, align 8 %25 = icmp eq %struct.nfs_open_context.215562* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.215562* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode.195275* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr.194676* %2, %struct.nfs_open_context.215562* %31, %struct.nfs4_label* null) #70 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %13 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.215528** %15 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %14, align 32 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.215562* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.215561* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %26 = getelementptr inbounds i64, i64* %25, i64 1 %27 = bitcast %struct.nfs_fh** %24 to i64** store i64* %26, i64** %27, align 8 %28 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %29 = bitcast %struct.nfs4_stateid_struct* %28 to i8* %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr.194676* %3, %struct.iattr.194676** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.215528* %15, %struct.nfs_server.215528** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %33 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %33, i32** %32, align 8 %34 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %34, align 8 %35 = bitcast %struct.nfs_setattrres* %9 to i8* %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %37, align 8 %38 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.215528* %15, %struct.nfs_server.215528** %38, align 8 %39 = bitcast %struct.nfs4_exception* %10 to i8* %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.215561* %22, %struct.nfs4_state.215561** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode.195275* %0, %struct.inode.195275** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %45, align 1 %46 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %15, i64 0, i32 33, i64 0 %47 = bitcast i32* %46 to i8* %48 = icmp eq %struct.inode.195275* %0, null %49 = getelementptr inbounds i64, i64* %25, i64 19 %50 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %3, i64 0, i32 0 %51 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %15, i64 0, i32 0 %52 = icmp eq %struct.nfs4_state.215561* %22, null %53 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %22, i64 0, i32 13 br label %54 br i1 %48, label %74, label %55 %75 = call fastcc i32 @_nfs4_do_setattr(%struct.inode.195275* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.215562* %4) #70 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup.196956, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %11 = load %struct.super_block.195272*, %struct.super_block.195272** %10, align 8 %12 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.215528** %14 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %13, align 32 %15 = bitcast %struct.rpc_message.196909* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 9), %struct.rpc_procinfo.196908** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr.194676*, %struct.iattr.194676** %26, align 8 %28 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %35 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 2 %36 = call zeroext i1 bitcast (i1 (%struct.inode.220272*, i32, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_copy_delegation_stateid to i1 (%struct.inode.195275*, i32, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.inode.195275* %0, i32 2, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #69 br i1 %36, label %63, label %37 %38 = icmp eq %struct.nfs_open_context.215562* %4, null br i1 %38, label %58, label %39 %40 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %4, i64 0, i32 5 %41 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %40, align 8 %42 = icmp eq %struct.nfs4_state.215561* %41, null br i1 %42, label %58, label %43 %44 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %41, i64 0, i32 5 %45 = load volatile i64, i64* %44, align 8 %46 = and i64 %45, 512 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %161 %49 = call %struct.nfs_lock_context.215563* bitcast (%struct.nfs_lock_context.197737* (%struct.nfs_open_context.197736*)* @nfs_get_lock_context to %struct.nfs_lock_context.215563* (%struct.nfs_open_context.215562*)*)(%struct.nfs_open_context.215562* nonnull %4) #69 %50 = icmp ugt %struct.nfs_lock_context.215563* %49, inttoptr (i64 -4096 to %struct.nfs_lock_context.215563*) br i1 %50, label %51, label %54 %55 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %40, align 8 %56 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %55, i32 2, %struct.nfs_lock_context.215563* %49, %struct.nfs4_stateid_struct* %35, %struct.cred** nonnull %9) #69 call void bitcast (void (%struct.nfs_lock_context.197737*)* @nfs_put_lock_context to void (%struct.nfs_lock_context.215563*)*)(%struct.nfs_lock_context.215563* %49) #69 %57 = icmp eq i32 %56, -5 br i1 %57, label %161, label %63 %64 = load %struct.cred*, %struct.cred** %9, align 8 %65 = icmp eq %struct.cred* %64, null br i1 %65, label %67, label %66 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %14, i64 0, i32 3 %69 = bitcast %struct.rpc_clnt.196924** %68 to i64* %70 = load i64, i64* %69, align 8 %71 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0 %72 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0 %73 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %73, align 8 %74 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 0, i32 1 %75 = load i8, i8* %74, align 8 %76 = and i8 %75, -4 %77 = or i8 %76, 1 store i8 %77, i8* %74, align 8 %78 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %78, align 8 %79 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %14, i64 0, i32 0 %80 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %79, align 8 %81 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %82 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 store %struct.nfs_server.215528* %14, %struct.nfs_server.215528** %82, align 8 %83 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 store %struct.nfs4_sequence_args.215545* %71, %struct.nfs4_sequence_args.215545** %83, align 8 %84 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 store %struct.nfs4_sequence_res.215547* %72, %struct.nfs4_sequence_res.215547** %84, align 8 %85 = bitcast %struct.rpc_task_setup.196956* %7 to i8* %86 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 0 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %86, align 8 %87 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 1 %88 = bitcast %struct.rpc_clnt.196924** %87 to i64* store i64 %70, i64* %88, align 8 %89 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 2 %90 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 4 %91 = bitcast %struct.rpc_xprt.196914** %89 to i8* store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %90, align 8 %92 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 5 %93 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %80, i64 0, i32 30 %94 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %93, align 8 %95 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %94, i64 0, i32 10 %96 = bitcast %struct.rpc_call_ops.196910** %95 to i64* %97 = load i64, i64* %96, align 8 %98 = bitcast %struct.rpc_call_ops.196910** %92 to i64* store i64 %97, i64* %98, align 8 %99 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 6 %100 = bitcast i8** %99 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %100, align 8 %101 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %101, align 8 %102 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 8 store i16 0, i16* %102, align 8 %103 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 9 store i8 0, i8* %103, align 2 %104 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_getattr ------------- Path:  Function:nfs4_proc_getattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup.196956, align 8 %8 = alloca [3 x i32], align 4 %9 = alloca %struct.nfs4_server_caps_arg, align 8 %10 = alloca %struct.nfs4_getattr_res, align 8 %11 = alloca %struct.rpc_message.196909, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = bitcast [3 x i32]* %8 to i8* %16 = bitcast %struct.nfs4_server_caps_arg* %9 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %8, i64 0, i64 0 %21 = bitcast %struct.nfs4_getattr_res* %10 to i8* %22 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 3 %26 = bitcast %struct.rpc_message.196909* %11 to i8* %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 0 %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 1 %29 = bitcast i8** %28 to %struct.nfs4_server_caps_arg** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 2 %31 = bitcast i8** %30 to %struct.nfs4_getattr_res** %32 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 3 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %34 = bitcast i32* %33 to i8* %35 = icmp eq %struct.inode.195275* %4, null %36 = getelementptr %struct.inode.195275, %struct.inode.195275* %4, i64 -1, i32 15, i32 1 %37 = getelementptr inbounds i64, i64* %36, i64 19 %38 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %39 = bitcast %struct.rpc_clnt.196924** %38 to i64* %40 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %9, i64 0, i32 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_getattr_res, %struct.nfs4_getattr_res* %10, i64 0, i32 0, i32 0 %43 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %44 = bitcast %struct.nfs4_call_sync_data* %6 to i8* %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 0 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 1 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %6, i64 0, i32 2 %48 = bitcast %struct.rpc_task_setup.196956* %7 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 0 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 1 %51 = bitcast %struct.rpc_clnt.196924** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 2 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 4 %54 = bitcast %struct.rpc_xprt.196914** %52 to i8* %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 5 %56 = bitcast %struct.rpc_call_ops.196910** %55 to i64* %57 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 6 %58 = bitcast i8** %57 to %struct.nfs4_call_sync_data** %59 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 7 %60 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 8 %61 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %7, i64 0, i32 9 %62 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %63 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %25, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 18), %struct.rpc_procinfo.196908** %27, align 8 store %struct.nfs4_server_caps_arg* %9, %struct.nfs4_server_caps_arg** %29, align 8 store %struct.nfs4_getattr_res* %10, %struct.nfs4_getattr_res** %31, align 8 store %struct.cred* null, %struct.cred** %32, align 8 br i1 %35, label %83, label %64 %65 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* nonnull %4, i32 1) #69 %66 = icmp eq i32 %65, 0 br i1 %66, label %83, label %67 %68 = load volatile i64, i64* %37, align 8 %69 = and i64 %68, 64 %70 = icmp eq i64 %69, 0 %71 = select i1 %70, i64 0, i64 %68 %72 = and i64 %71, 2048 %73 = icmp eq i64 %72, 0 br i1 %73, label %74, label %77 %75 = load i32, i32* %20, align 4 %76 = and i32 %75, -17 store i32 %76, i32* %20, align 4 br label %77 %78 = and i64 %71, 256 %79 = icmp eq i64 %78, 0 br i1 %79, label %80, label %83 %81 = load i32, i32* %20, align 4 %82 = and i32 %81, -9 store i32 %82, i32* %20, align 4 br label %83 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 %84 = load i64, i64* %39, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %40, align 8 %85 = load i8, i8* %41, align 8 %86 = and i8 %85, -4 store i8 %86, i8* %41, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %42, align 8 %87 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %43, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %45, align 8 store %struct.nfs4_sequence_args.215545* %17, %struct.nfs4_sequence_args.215545** %46, align 8 store %struct.nfs4_sequence_res.215547* %22, %struct.nfs4_sequence_res.215547** %47, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %49, align 8 store i64 %84, i64* %51, align 8 store %struct.rpc_message.196909* %11, %struct.rpc_message.196909** %53, align 8 %88 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %87, i64 0, i32 30 %89 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %88, align 8 %90 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %89, i64 0, i32 10 %91 = bitcast %struct.rpc_call_ops.196910** %90 to i64* %92 = load i64, i64* %91, align 8 store i64 %92, i64* %56, align 8 store %struct.nfs4_call_sync_data* %6, %struct.nfs4_call_sync_data** %58, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %59, align 8 store i16 0, i16* %60, align 8 store i8 0, i8* %61, align 2 %93 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %7) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %72 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %63, i64 0, i32 36, i64 0 store i32* %72, i32** %18, align 8 br label %73 %74 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %63, i64 0, i32 3 %75 = bitcast %struct.rpc_clnt.196924** %74 to i64* %76 = load i64, i64* %75, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %35, align 8 %77 = load i8, i8* %36, align 8 %78 = and i8 %77, -4 store i8 %78, i8* %36, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %37, align 8 %79 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %63, i64 0, i32 0 %80 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %79, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %39, align 8 store %struct.nfs4_sequence_args.215545* %13, %struct.nfs4_sequence_args.215545** %40, align 8 store %struct.nfs4_sequence_res.215547* %34, %struct.nfs4_sequence_res.215547** %41, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %43, align 8 store i64 %76, i64* %45, align 8 store %struct.rpc_message.196909* %7, %struct.rpc_message.196909** %47, align 8 %81 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %80, i64 0, i32 30 %82 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %81, align 8 %83 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %82, i64 0, i32 10 %84 = bitcast %struct.rpc_call_ops.196910** %83 to i64* %85 = load i64, i64* %84, align 8 store i64 %85, i64* %50, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %52, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %53, align 8 store i16 0, i16* %54, align 8 store i8 0, i8* %55, align 2 %86 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_lookupp ------------- Path:  Function:nfs4_proc_lookupp %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup.196956, align 8 %7 = alloca %struct.nfs4_server_caps_arg, align 8 %8 = alloca %struct.nfs4_lookup_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = bitcast %struct.nfs4_server_caps_arg* %7 to i8* %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 2 %21 = bitcast %struct.nfs4_lookup_res* %8 to i8* %22 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 1 %24 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 2 %25 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 3 %26 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 4 %27 = bitcast %struct.rpc_message.196909* %9 to i8* %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs4_server_caps_arg** %31 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs4_lookup_res** %33 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %7, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_lookup_res, %struct.nfs4_lookup_res* %8, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup.196956* %6 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt.196924** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt.196914** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops.196910** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %56 %57 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %58 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.215528** %60 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %59, align 32 %61 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 3 %62 = bitcast %struct.rpc_clnt.196924** %61 to i64* %63 = load i64, i64* %62, align 8 store i64* %18, i64** %19, align 8 %64 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 33, i64 0 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %25, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %26, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 61), %struct.rpc_procinfo.196908** %28, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %30, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 store i32* %64, i32** %20, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %34, align 8 %65 = load i8, i8* %35, align 8 %66 = and i8 %65, -4 store i8 %66, i8* %35, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %36, align 8 %67 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 0 %68 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %67, align 8 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %38, align 8 store %struct.nfs4_sequence_args.215545* %15, %struct.nfs4_sequence_args.215545** %39, align 8 store %struct.nfs4_sequence_res.215547* %22, %struct.nfs4_sequence_res.215547** %40, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %42, align 8 store i64 %63, i64* %44, align 8 store %struct.rpc_message.196909* %9, %struct.rpc_message.196909** %46, align 8 %69 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %68, i64 0, i32 30 %70 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops.196910** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %49, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %74 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %6) #69 %77 = ptrtoint %struct.rpc_task.196911* %74 to i64 %78 = trunc i64 %77 to i32 br label %82 %83 = phi i32 [ %78, %76 ], [ %81, %79 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_lookupp to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_lookupp, %84)) #6 to label %106 [label %84], !srcloc !4 %107 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %108 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %107, i64 0, i32 28 %109 = bitcast i8** %108 to %struct.nfs_server.215528** %110 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %109, align 32 %111 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %110, i32 %83, %struct.nfs4_exception* nonnull %10) #70 %112 = load i8, i8* %55, align 8 %113 = and i8 %112, 8 %114 = icmp eq i8 %113, 0 br i1 %114, label %115, label %56 %57 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %58 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.215528** %60 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %59, align 32 %61 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 3 %62 = bitcast %struct.rpc_clnt.196924** %61 to i64* %63 = load i64, i64* %62, align 8 store i64* %18, i64** %19, align 8 %64 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 33, i64 0 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %23, align 8 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %24, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %25, align 8 store %struct.nfs4_label* %3, %struct.nfs4_label** %26, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 61), %struct.rpc_procinfo.196908** %28, align 8 store %struct.nfs4_server_caps_arg* %7, %struct.nfs4_server_caps_arg** %30, align 8 store %struct.nfs4_lookup_res* %8, %struct.nfs4_lookup_res** %32, align 8 store %struct.cred* null, %struct.cred** %33, align 8 store i32* %64, i32** %20, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %2) #69 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %34, align 8 %65 = load i8, i8* %35, align 8 %66 = and i8 %65, -4 store i8 %66, i8* %35, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %36, align 8 %67 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 0 %68 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %67, align 8 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %38, align 8 store %struct.nfs4_sequence_args.215545* %15, %struct.nfs4_sequence_args.215545** %39, align 8 store %struct.nfs4_sequence_res.215547* %22, %struct.nfs4_sequence_res.215547** %40, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %42, align 8 store i64 %63, i64* %44, align 8 store %struct.rpc_message.196909* %9, %struct.rpc_message.196909** %46, align 8 %69 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %68, i64 0, i32 30 %70 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %69, align 8 %71 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %70, i64 0, i32 10 %72 = bitcast %struct.rpc_call_ops.196910** %71 to i64* %73 = load i64, i64* %72, align 8 store i64 %73, i64* %49, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %74 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_readlink ------------- Path:  Function:nfs4_proc_readlink %5 = alloca %struct.nfs4_call_sync_data, align 8 %6 = alloca %struct.rpc_task_setup.196956, align 8 %7 = alloca %struct.page.195245*, align 8 %8 = alloca %struct.nfs4_readlink, align 8 %9 = alloca %struct.nfs4_readlink_res, align 8 %10 = alloca %struct.rpc_message.196909, align 8 %11 = alloca %struct.nfs4_exception, align 8 %12 = bitcast %struct.nfs4_exception* %11 to i8* %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 5 store i8 1, i8* %13, align 1 %14 = bitcast %struct.page.195245** %7 to i8* %15 = bitcast %struct.nfs4_readlink* %8 to i8* %16 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0 %17 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 1 %18 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %19 = getelementptr inbounds i64, i64* %18, i64 1 %20 = bitcast %struct.nfs_fh** %17 to i64** %21 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 3 %23 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 4 %24 = bitcast %struct.nfs4_readlink_res* %9 to i8* %25 = bitcast %struct.rpc_message.196909* %10 to i8* %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %10, i64 0, i32 0 %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %10, i64 0, i32 1 %28 = bitcast i8** %27 to %struct.nfs4_readlink** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %10, i64 0, i32 2 %30 = bitcast i8** %29 to %struct.nfs4_readlink_res** %31 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %10, i64 0, i32 3 %32 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %33 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_readlink, %struct.nfs4_readlink* %8, i64 0, i32 0, i32 1 %36 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %9, i64 0, i32 0, i32 0 %37 = bitcast %struct.nfs4_call_sync_data* %5 to i8* %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 1 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %5, i64 0, i32 2 %41 = bitcast %struct.rpc_task_setup.196956* %6 to i8* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 0 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 1 %44 = bitcast %struct.rpc_clnt.196924** %43 to i64* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 2 %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 4 %47 = bitcast %struct.rpc_xprt.196914** %45 to i8* %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 5 %49 = bitcast %struct.rpc_call_ops.196910** %48 to i64* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 6 %51 = bitcast i8** %50 to %struct.nfs4_call_sync_data** %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 7 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 8 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %6, i64 0, i32 9 %55 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %11, i64 0, i32 4 br label %56 store %struct.page.195245* %1, %struct.page.195245** %7, align 8 store i64* %19, i64** %20, align 8 store i32 %2, i32* %21, align 8 store i32 %3, i32* %22, align 4 store %struct.page.195245** %7, %struct.page.195245*** %23, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 28), %struct.rpc_procinfo.196908** %26, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %28, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %30, align 8 store %struct.cred* null, %struct.cred** %31, align 8 %57 = load %struct.super_block.195272*, %struct.super_block.195272** %32, align 8 %58 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.215528** %60 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %59, align 32 %61 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 3 %62 = bitcast %struct.rpc_clnt.196924** %61 to i64* %63 = load i64, i64* %62, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %34, align 8 store i8 0, i8* %35, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %36, align 8 %64 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 0 %65 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %64, align 8 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %38, align 8 store %struct.nfs4_sequence_args.215545* %16, %struct.nfs4_sequence_args.215545** %39, align 8 store %struct.nfs4_sequence_res.215547* %33, %struct.nfs4_sequence_res.215547** %40, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %42, align 8 store i64 %63, i64* %44, align 8 store %struct.rpc_message.196909* %10, %struct.rpc_message.196909** %46, align 8 %66 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %65, i64 0, i32 30 %67 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops.196910** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %49, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %71 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %6) #69 %74 = ptrtoint %struct.rpc_task.196911* %71 to i64 %75 = trunc i64 %74 to i32 br label %79 %80 = phi i32 [ %75, %73 ], [ %78, %76 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_readlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_readlink, %81)) #6 to label %103 [label %81], !srcloc !4 %104 = load %struct.super_block.195272*, %struct.super_block.195272** %32, align 8 %105 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %104, i64 0, i32 28 %106 = bitcast i8** %105 to %struct.nfs_server.215528** %107 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %106, align 32 %108 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %107, i32 %80, %struct.nfs4_exception* nonnull %11) #70 %109 = load i8, i8* %55, align 8 %110 = and i8 %109, 8 %111 = icmp eq i8 %110, 0 br i1 %111, label %112, label %56 store %struct.page.195245* %1, %struct.page.195245** %7, align 8 store i64* %19, i64** %20, align 8 store i32 %2, i32* %21, align 8 store i32 %3, i32* %22, align 4 store %struct.page.195245** %7, %struct.page.195245*** %23, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 28), %struct.rpc_procinfo.196908** %26, align 8 store %struct.nfs4_readlink* %8, %struct.nfs4_readlink** %28, align 8 store %struct.nfs4_readlink_res* %9, %struct.nfs4_readlink_res** %30, align 8 store %struct.cred* null, %struct.cred** %31, align 8 %57 = load %struct.super_block.195272*, %struct.super_block.195272** %32, align 8 %58 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %57, i64 0, i32 28 %59 = bitcast i8** %58 to %struct.nfs_server.215528** %60 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %59, align 32 %61 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 3 %62 = bitcast %struct.rpc_clnt.196924** %61 to i64* %63 = load i64, i64* %62, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %34, align 8 store i8 0, i8* %35, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %36, align 8 %64 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %60, i64 0, i32 0 %65 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %64, align 8 store %struct.nfs_server.215528* %60, %struct.nfs_server.215528** %38, align 8 store %struct.nfs4_sequence_args.215545* %16, %struct.nfs4_sequence_args.215545** %39, align 8 store %struct.nfs4_sequence_res.215547* %33, %struct.nfs4_sequence_res.215547** %40, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %42, align 8 store i64 %63, i64* %44, align 8 store %struct.rpc_message.196909* %10, %struct.rpc_message.196909** %46, align 8 %66 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %65, i64 0, i32 30 %67 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %66, align 8 %68 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %67, i64 0, i32 10 %69 = bitcast %struct.rpc_call_ops.196910** %68 to i64* %70 = load i64, i64* %69, align 8 store i64 %70, i64* %49, align 8 store %struct.nfs4_call_sync_data* %5, %struct.nfs4_call_sync_data** %51, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %52, align 8 store i16 0, i16* %53, align 8 store i8 0, i8* %54, align 2 %71 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %6) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_server_capabilities ------------- Path:  Function:nfs4_server_capabilities %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca [3 x i32], align 4 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_server_caps_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast [3 x i32]* %5 to i8* %13 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 1 %14 = bitcast i32* %13 to i64* %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %16 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %17 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %18 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %19 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %20 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 0 %21 = bitcast %struct.nfs4_server_caps_res* %7 to i8* %22 = bitcast %struct.rpc_message.196909* %8 to i8* %23 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %25 = bitcast i8** %24 to %struct.nfs4_server_caps_arg** %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %27 = bitcast i8** %26 to %struct.nfs4_server_caps_res** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %29 = getelementptr inbounds [3 x i32], [3 x i32]* %5, i64 0, i64 2 %30 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %31 = bitcast %struct.rpc_clnt.196924** %30 to i64* %32 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0 %33 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %35 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 0, i32 0 %36 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %40 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %41 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %43 = bitcast %struct.rpc_clnt.196924** %42 to i64* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %46 = bitcast %struct.rpc_xprt.196914** %44 to i8* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %48 = bitcast %struct.rpc_call_ops.196910** %47 to i64* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %50 = bitcast i8** %49 to %struct.nfs4_call_sync_data** %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %54 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 2 %55 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1, i64 1 %56 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %57 = bitcast i32* %56 to i8* %58 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 1 %59 = getelementptr [3 x i32], [3 x i32]* %58, i64 0, i64 0 %60 = bitcast [3 x i32]* %58 to i8* %61 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 9 %62 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 3 %63 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 4 %64 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 5 %65 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 34 %66 = bitcast [3 x i32]* %65 to i8* %67 = getelementptr %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 34, i64 2 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 36, i64 0 %69 = bitcast [3 x i32]* %58 to i64* %70 = getelementptr %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 36, i64 1 %71 = getelementptr %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 36, i64 2 %72 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 0 %73 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 1 %74 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 2, i64 2 %75 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 35, i64 0 %76 = bitcast i32* %75 to i8* %77 = bitcast i32* %72 to i8* %78 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 37 %79 = getelementptr inbounds %struct.nfs4_server_caps_res, %struct.nfs4_server_caps_res* %7, i64 0, i32 6 %80 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 38 %81 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %82 store i64 0, i64* %14, align 4 %83 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %15, align 8 %84 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %83, i64 0, i32 15 %85 = load i32, i32* %84, align 8 store %struct.nfs_fh* %1, %struct.nfs_fh** %18, align 8 store i32* %20, i32** %19, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 30), %struct.rpc_procinfo.196908** %23, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %25, align 8 store %struct.nfs4_server_caps_res* %7, %struct.nfs4_server_caps_res** %27, align 8 store %struct.cred* null, %struct.cred** %28, align 8 store i32 8293, i32* %20, align 4 %86 = icmp eq i32 %85, 0 br i1 %86, label %88, label %87 store i32 2048, i32* %29, align 4 br label %88 %89 = load i64, i64* %31, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %33, align 8 store i8 0, i8* %34, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %35, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %37, align 8 store %struct.nfs4_sequence_args.215545* %17, %struct.nfs4_sequence_args.215545** %38, align 8 store %struct.nfs4_sequence_res.215547* %32, %struct.nfs4_sequence_res.215547** %39, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %41, align 8 store i64 %89, i64* %43, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %45, align 8 %90 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %83, i64 0, i32 30 %91 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %90, align 8 %92 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %91, i64 0, i32 10 %93 = bitcast %struct.rpc_call_ops.196910** %92 to i64* %94 = load i64, i64* %93, align 8 store i64 %94, i64* %48, align 8 store %struct.nfs4_call_sync_data* %3, %struct.nfs4_call_sync_data** %50, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %51, align 8 store i16 0, i16* %52, align 8 store i8 0, i8* %53, align 2 %95 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %4) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 _nfs4_proc_remove 13 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = icmp eq %struct.inode.195275* %7, null br i1 %8, label %17, label %9 %18 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %19 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %20 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.195275* %0, %struct.qstr* %18, i32 1) #70 %46 = load %struct.super_block.195272*, %struct.super_block.195272** %19, align 8 %47 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %46, i64 0, i32 28 %48 = bitcast i8** %47 to %struct.nfs_server.215528** %49 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %48, align 32 %50 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %49, i32 %22, %struct.nfs4_exception* nonnull %3) #70 %51 = load i8, i8* %20, align 8 %52 = and i8 %51, 8 %53 = icmp eq i8 %52, 0 br i1 %53, label %54, label %21 %22 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.195275* %0, %struct.qstr* %18, i32 1) #70 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs_removeargs.215546, align 8 %7 = alloca %struct.nfs_removeres.215548, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %10 = load %struct.super_block.195272*, %struct.super_block.195272** %9, align 8 %11 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.215528** %13 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %12, align 32 %14 = bitcast %struct.nfs_removeargs.215546* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** store i64* %18, i64** %19, align 8 %20 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 2 %21 = bitcast %struct.qstr* %20 to i8* %22 = bitcast %struct.qstr* %1 to i8* %23 = bitcast %struct.nfs_removeres.215548* %7 to i8* %24 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0, i32 1 %25 = bitcast i64* %24 to i8* %26 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 1 store %struct.nfs_server.215528* %13, %struct.nfs_server.215528** %26, align 8 %27 = bitcast %struct.rpc_message.196909* %8 to i8* %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 21), %struct.rpc_procinfo.196908** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs_removeargs.215546** store %struct.nfs_removeargs.215546* %6, %struct.nfs_removeargs.215546** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs_removeres.215548** store %struct.nfs_removeres.215548* %7, %struct.nfs_removeres.215548** %32, align 8 %33 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %33, align 8 %34 = load volatile i64, i64* @jiffies, align 64 %35 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %13, i64 0, i32 3 %36 = bitcast %struct.rpc_clnt.196924** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 1 store i8 1, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %41, align 8 %42 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %13, i64 0, i32 0 %43 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %42, align 8 %44 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.215528* %13, %struct.nfs_server.215528** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.215545* %15, %struct.nfs4_sequence_args.215545** %46, align 8 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.215547* %38, %struct.nfs4_sequence_res.215547** %47, align 8 %48 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %49, align 8 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %51 = bitcast %struct.rpc_clnt.196924** %50 to i64* store i64 %37, i64* %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %54 = bitcast %struct.rpc_xprt.196914** %52 to i8* store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %53, align 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %56 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %43, i64 0, i32 30 %57 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %56, align 8 %58 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %57, i64 0, i32 10 %59 = bitcast %struct.rpc_call_ops.196910** %58 to i64* %60 = load i64, i64* %59, align 8 %61 = bitcast %struct.rpc_call_ops.196910** %55 to i64* store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %63 = bitcast i8** %62 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %64, align 8 %65 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 store i16 0, i16* %65, align 8 %66 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 store i8 0, i8* %66, align 2 %67 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 _nfs4_proc_remove 13 nfs4_proc_rmdir ------------- Path:  Function:nfs4_proc_rmdir %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %7 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 br label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.195275* %0, %struct.qstr* %1, i32 2) #69 %33 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %34 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %33, i64 0, i32 28 %35 = bitcast i8** %34 to %struct.nfs_server.215528** %36 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %35, align 32 %37 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %36, i32 %9, %struct.nfs4_exception* nonnull %3) #69 %38 = load i8, i8* %7, align 8 %39 = and i8 %38, 8 %40 = icmp eq i8 %39, 0 br i1 %40, label %41, label %8 %9 = call fastcc i32 @_nfs4_proc_remove(%struct.inode.195275* %0, %struct.qstr* %1, i32 2) #69 Function:_nfs4_proc_remove %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs_removeargs.215546, align 8 %7 = alloca %struct.nfs_removeres.215548, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %10 = load %struct.super_block.195272*, %struct.super_block.195272** %9, align 8 %11 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.215528** %13 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %12, align 32 %14 = bitcast %struct.nfs_removeargs.215546* %6 to i8* %15 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** store i64* %18, i64** %19, align 8 %20 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 2 %21 = bitcast %struct.qstr* %20 to i8* %22 = bitcast %struct.qstr* %1 to i8* %23 = bitcast %struct.nfs_removeres.215548* %7 to i8* %24 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0, i32 1 %25 = bitcast i64* %24 to i8* %26 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 1 store %struct.nfs_server.215528* %13, %struct.nfs_server.215528** %26, align 8 %27 = bitcast %struct.rpc_message.196909* %8 to i8* %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 21), %struct.rpc_procinfo.196908** %28, align 8 %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %30 = bitcast i8** %29 to %struct.nfs_removeargs.215546** store %struct.nfs_removeargs.215546* %6, %struct.nfs_removeargs.215546** %30, align 8 %31 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %32 = bitcast i8** %31 to %struct.nfs_removeres.215548** store %struct.nfs_removeres.215548* %7, %struct.nfs_removeres.215548** %32, align 8 %33 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 store %struct.cred* null, %struct.cred** %33, align 8 %34 = load volatile i64, i64* @jiffies, align 64 %35 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %13, i64 0, i32 3 %36 = bitcast %struct.rpc_clnt.196924** %35 to i64* %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0 %39 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %39, align 8 %40 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 1 store i8 1, i8* %40, align 8 %41 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %7, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %41, align 8 %42 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %13, i64 0, i32 0 %43 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %42, align 8 %44 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %45 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 store %struct.nfs_server.215528* %13, %struct.nfs_server.215528** %45, align 8 %46 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 store %struct.nfs4_sequence_args.215545* %15, %struct.nfs4_sequence_args.215545** %46, align 8 %47 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 store %struct.nfs4_sequence_res.215547* %38, %struct.nfs4_sequence_res.215547** %47, align 8 %48 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %49, align 8 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %51 = bitcast %struct.rpc_clnt.196924** %50 to i64* store i64 %37, i64* %51, align 8 %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %54 = bitcast %struct.rpc_xprt.196914** %52 to i8* store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %53, align 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %56 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %43, i64 0, i32 30 %57 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %56, align 8 %58 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %57, i64 0, i32 10 %59 = bitcast %struct.rpc_call_ops.196910** %58 to i64* %60 = load i64, i64* %59, align 8 %61 = bitcast %struct.rpc_call_ops.196910** %55 to i64* store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %63 = bitcast i8** %62 to %struct.nfs4_call_sync_data** store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %63, align 8 %64 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 store %struct.workqueue_struct* null, %struct.workqueue_struct** %64, align 8 %65 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 store i16 0, i16* %65, align 8 %66 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 store i8 0, i8* %66, align 2 %67 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_readdir ------------- Path:  Function:nfs4_proc_readdir %7 = alloca %struct.nfs4_call_sync_data, align 8 %8 = alloca %struct.rpc_task_setup.196956, align 8 %9 = alloca %struct.nfs4_readdir_arg, align 8 %10 = alloca %struct.nfs4_readdir_res, align 8 %11 = alloca %struct.rpc_message.196909, align 8 %12 = alloca %struct.nfs4_exception, align 8 %13 = bitcast %struct.nfs4_exception* %12 to i8* %14 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 5 store i8 1, i8* %14, align 1 %15 = zext i1 %5 to i8 %16 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %17 = bitcast %struct.nfs4_readdir_arg* %9 to i8* %18 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0 %19 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 1 %20 = bitcast %struct.nfs_fh** %19 to i64** %21 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 2 %22 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 4 %23 = bitcast i64* %21 to i8* %24 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 5 %25 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 6 %26 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 7 %27 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 8 %28 = bitcast %struct.nfs4_readdir_res* %10 to i8* %29 = bitcast %struct.rpc_message.196909* %11 to i8* %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 0 %31 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 1 %32 = bitcast i8** %31 to %struct.nfs4_readdir_arg** %33 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 2 %34 = bitcast i8** %33 to %struct.nfs4_readdir_res** %35 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %11, i64 0, i32 3 %36 = icmp ugt i64 %2, 2 %37 = bitcast %struct.page.195245** %3 to i64* %38 = icmp eq i64 %2, 2 %39 = icmp eq i64 %2, 0 %40 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 3 %41 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 3, i32 0, i64 0 %43 = bitcast i8* %42 to i64* %44 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 2 %45 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0 %46 = getelementptr inbounds %struct.nfs4_readdir_arg, %struct.nfs4_readdir_arg* %9, i64 0, i32 0, i32 0 %47 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 0, i32 0 %48 = bitcast %struct.nfs4_call_sync_data* %7 to i8* %49 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 0 %50 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 1 %51 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %7, i64 0, i32 2 %52 = bitcast %struct.rpc_task_setup.196956* %8 to i8* %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 0 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 1 %55 = bitcast %struct.rpc_clnt.196924** %54 to i64* %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 2 %57 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 4 %58 = bitcast %struct.rpc_xprt.196914** %56 to i8* %59 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 5 %60 = bitcast %struct.rpc_call_ops.196910** %59 to i64* %61 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 6 %62 = bitcast i8** %61 to %struct.nfs4_call_sync_data** %63 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 7 %64 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 8 %65 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %8, i64 0, i32 9 %66 = getelementptr inbounds %struct.nfs4_readdir_res, %struct.nfs4_readdir_res* %10, i64 0, i32 1, i32 0, i64 0 %67 = bitcast i8* %66 to i64* %68 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %12, i64 0, i32 4 br label %69 %70 = load %struct.inode.195275*, %struct.inode.195275** %16, align 8 %71 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %70, i64 0, i32 8 %72 = load %struct.super_block.195272*, %struct.super_block.195272** %71, align 8 %73 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %72, i64 0, i32 28 %74 = bitcast i8** %73 to %struct.nfs_server.215528** %75 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %74, align 32 %76 = getelementptr %struct.inode.195275, %struct.inode.195275* %70, i64 -1, i32 15, i32 1 %77 = getelementptr inbounds i64, i64* %76, i64 1 store i64* %77, i64** %20, align 8 store i32 %4, i32* %22, align 8 store %struct.page.195245** %3, %struct.page.195245*** %24, align 8 store i32 0, i32* %25, align 8 store i8 %15, i8* %27, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 29), %struct.rpc_procinfo.196908** %30, align 8 store %struct.nfs4_readdir_arg* %9, %struct.nfs4_readdir_arg** %32, align 8 store %struct.nfs4_readdir_res* %10, %struct.nfs4_readdir_res** %34, align 8 store %struct.cred* %1, %struct.cred** %35, align 8 %78 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %75, i64 0, i32 9 %79 = load i32, i32* %78, align 4 %80 = and i32 %79, 262144 %81 = icmp eq i32 %80, 0 %82 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %75, i64 0, i32 34, i64 0 %83 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %75, i64 0, i32 33, i64 0 %84 = select i1 %81, i32* %82, i32* %83 store i32* %84, i32** %26, align 8 %85 = getelementptr inbounds i64, i64* %76, i64 30 br i1 %36, label %86, label %88 br i1 %38, label %156, label %89 %90 = load i64, i64* %37, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %91 = call %struct.task_struct.195208* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.195208** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.195208**)) #10, !srcloc !5 %92 = getelementptr inbounds %struct.task_struct.195208, %struct.task_struct.195208* %91, i64 0, i32 156 %93 = load i32, i32* %92, align 16 %94 = add i32 %93, 1 store i32 %94, i32* %92, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %95 = load i64, i64* @vmemmap_base, align 8 %96 = sub i64 %90, %95 %97 = shl i64 %96, 6 %98 = load i64, i64* @page_offset_base, align 8 %99 = add i64 %97, %98 %100 = inttoptr i64 %99 to i8* %101 = inttoptr i64 %99 to i32* br i1 %39, label %102, label %127 %103 = getelementptr i8, i8* %100, i64 4 %104 = bitcast i8* %103 to i32* store i32 16777216, i32* %101, align 4 %105 = getelementptr i8, i8* %100, i64 8 %106 = bitcast i8* %105 to i32* store i32 0, i32* %104, align 4 %107 = getelementptr i8, i8* %100, i64 12 %108 = bitcast i8* %107 to i32* store i32 16777216, i32* %106, align 4 %109 = getelementptr i8, i8* %100, i64 16 store i32 16777216, i32* %108, align 4 %110 = bitcast i8* %109 to i32* store i32 46, i32* %110, align 4 %111 = getelementptr i8, i8* %100, i64 20 %112 = bitcast i8* %111 to i32* %113 = getelementptr i8, i8* %100, i64 24 %114 = bitcast i8* %113 to i32* store i32 16777216, i32* %112, align 4 %115 = getelementptr i8, i8* %100, i64 28 %116 = bitcast i8* %115 to i32* store i32 33558528, i32* %114, align 4 %117 = getelementptr i8, i8* %100, i64 32 %118 = bitcast i8* %117 to i32* store i32 201326592, i32* %116, align 4 %119 = getelementptr i8, i8* %100, i64 36 store i32 33554432, i32* %118, align 4 %120 = load %struct.inode.195275*, %struct.inode.195275** %16, align 8 %121 = getelementptr %struct.inode.195275, %struct.inode.195275* %120, i64 -1, i32 15, i32 1 %122 = load i64, i64* %121, align 8 %123 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %122) #10, !srcloc !7 %124 = bitcast i8* %119 to i64* store i64 %123, i64* %124, align 8 %125 = getelementptr i8, i8* %100, i64 44 %126 = bitcast i8* %125 to i32* br label %127 %128 = phi i32* [ %126, %102 ], [ %101, %89 ] %129 = getelementptr i32, i32* %128, i64 1 store i32 16777216, i32* %128, align 4 %130 = getelementptr i32, i32* %128, i64 2 store i32 0, i32* %129, align 4 %131 = getelementptr i32, i32* %128, i64 3 store i32 33554432, i32* %130, align 4 %132 = getelementptr i32, i32* %128, i64 4 store i32 33554432, i32* %131, align 4 store i32 11822, i32* %132, align 4 %133 = getelementptr i32, i32* %128, i64 5 %134 = getelementptr i32, i32* %128, i64 6 store i32 16777216, i32* %133, align 4 %135 = getelementptr i32, i32* %128, i64 7 store i32 33558528, i32* %134, align 4 %136 = getelementptr i32, i32* %128, i64 8 store i32 201326592, i32* %135, align 4 %137 = getelementptr i32, i32* %128, i64 9 store i32 33554432, i32* %136, align 4 %138 = load %struct.dentry.195278*, %struct.dentry.195278** %40, align 8 %139 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %138, i64 0, i32 5 %140 = load %struct.inode.195275*, %struct.inode.195275** %139, align 8 %141 = getelementptr %struct.inode.195275, %struct.inode.195275* %140, i64 -1, i32 15, i32 1 %142 = load i64, i64* %141, align 8 %143 = call i64 asm "bswapq $0", "=r,0,~{dirflag},~{fpsr},~{flags}"(i64 %142) #10, !srcloc !7 %144 = bitcast i32* %137 to i64* store i64 %143, i64* %144, align 8 %145 = getelementptr i32, i32* %128, i64 11 %146 = ptrtoint i32* %145 to i64 %147 = sub i64 %146, %99 %148 = trunc i64 %147 to i32 store i32 %148, i32* %25, align 8 %149 = load i32, i32* %22, align 8 %150 = sub i32 %149, %148 store i32 %150, i32* %22, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %151 = load i32, i32* %92, align 16 %152 = add i32 %151, -1 store i32 %152, i32* %92, align 16 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %153 = load i32, i32* %25, align 8 %154 = load i8, i8* %41, align 8 %155 = and i8 %154, -4 br label %156 %157 = phi i8 [ 0, %86 ], [ 0, %88 ], [ %155, %127 ] %158 = phi i32 [ 0, %86 ], [ 0, %88 ], [ %153, %127 ] store i32 %158, i32* %44, align 8 %159 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %75, i64 0, i32 3 %160 = bitcast %struct.rpc_clnt.196924** %159 to i64* %161 = load i64, i64* %160, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %46, align 8 store i8 %157, i8* %41, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %47, align 8 %162 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %75, i64 0, i32 0 %163 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %162, align 8 store %struct.nfs_server.215528* %75, %struct.nfs_server.215528** %49, align 8 store %struct.nfs4_sequence_args.215545* %18, %struct.nfs4_sequence_args.215545** %50, align 8 store %struct.nfs4_sequence_res.215547* %45, %struct.nfs4_sequence_res.215547** %51, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %53, align 8 store i64 %161, i64* %55, align 8 store %struct.rpc_message.196909* %11, %struct.rpc_message.196909** %57, align 8 %164 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %163, i64 0, i32 30 %165 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %164, align 8 %166 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %165, i64 0, i32 10 %167 = bitcast %struct.rpc_call_ops.196910** %166 to i64* %168 = load i64, i64* %167, align 8 store i64 %168, i64* %60, align 8 store %struct.nfs4_call_sync_data* %7, %struct.nfs4_call_sync_data** %62, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %63, align 8 store i16 0, i16* %64, align 8 store i8 0, i8* %65, align 2 %169 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %8) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 %60 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %60) #69 %61 = load i64, i64* %28, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %30, align 8 %62 = load i8, i8* %31, align 8 %63 = and i8 %62, -4 store i8 %63, i8* %31, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %32, align 8 %64 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %33, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %35, align 8 store %struct.nfs4_sequence_args.215545* %25, %struct.nfs4_sequence_args.215545** %36, align 8 store %struct.nfs4_sequence_res.215547* %29, %struct.nfs4_sequence_res.215547** %37, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %39, align 8 store i64 %61, i64* %41, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %43, align 8 %65 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %64, i64 0, i32 30 %66 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %65, align 8 %67 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %66, i64 0, i32 10 %68 = bitcast %struct.rpc_call_ops.196910** %67 to i64* %69 = load i64, i64* %68, align 8 store i64 %69, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %70 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_proc_statfs ------------- Path:  Function:nfs4_proc_statfs %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_statfs_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %17 = bitcast %struct.nfs4_statfs_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 1 %19 = bitcast %struct.rpc_message.196909* %8 to i8* %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %21 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.nfs4_server_caps_arg** %23 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %24 = bitcast i8** %23 to %struct.nfs4_statfs_res** %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %26 = getelementptr inbounds %struct.nfs_fsstat, %struct.nfs_fsstat* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_statfs_res, %struct.nfs4_statfs_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %53 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %18, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 27), %struct.rpc_procinfo.196908** %20, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %22, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %24, align 8 store %struct.cred* null, %struct.cred** %25, align 8 %54 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %54) #69 %55 = load i64, i64* %28, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %30, align 8 %56 = load i8, i8* %31, align 8 %57 = and i8 %56, -4 store i8 %57, i8* %31, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %32, align 8 %58 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %33, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %35, align 8 store %struct.nfs4_sequence_args.215545* %13, %struct.nfs4_sequence_args.215545** %36, align 8 store %struct.nfs4_sequence_res.215547* %29, %struct.nfs4_sequence_res.215547** %37, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %39, align 8 store i64 %55, i64* %41, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %43, align 8 %59 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %58, i64 0, i32 30 %60 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %59, align 8 %61 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %60, i64 0, i32 10 %62 = bitcast %struct.rpc_call_ops.196910** %61 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %64 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 %67 = ptrtoint %struct.rpc_task.196911* %64 to i64 %68 = trunc i64 %67 to i32 br label %72 %73 = phi i32 [ %68, %66 ], [ %71, %69 ] %74 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %73, %struct.nfs4_exception* nonnull %9) #70 %75 = load i8, i8* %52, align 8 %76 = and i8 %75, 8 %77 = icmp eq i8 %76, 0 br i1 %77, label %78, label %53 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsstat* %2, %struct.nfs_fsstat** %18, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 27), %struct.rpc_procinfo.196908** %20, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %22, align 8 store %struct.nfs4_statfs_res* %7, %struct.nfs4_statfs_res** %24, align 8 store %struct.cred* null, %struct.cred** %25, align 8 %54 = load %struct.nfs_fattr*, %struct.nfs_fattr** %26, align 8 call void @nfs_fattr_init(%struct.nfs_fattr* %54) #69 %55 = load i64, i64* %28, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %30, align 8 %56 = load i8, i8* %31, align 8 %57 = and i8 %56, -4 store i8 %57, i8* %31, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %32, align 8 %58 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %33, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %35, align 8 store %struct.nfs4_sequence_args.215545* %13, %struct.nfs4_sequence_args.215545** %36, align 8 store %struct.nfs4_sequence_res.215547* %29, %struct.nfs4_sequence_res.215547** %37, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %39, align 8 store i64 %55, i64* %41, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %43, align 8 %59 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %58, i64 0, i32 30 %60 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %59, align 8 %61 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %60, i64 0, i32 10 %62 = bitcast %struct.rpc_call_ops.196910** %61 to i64* %63 = load i64, i64* %62, align 8 store i64 %63, i64* %46, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %48, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %49, align 8 store i16 0, i16* %50, align 8 store i8 0, i8* %51, align 2 %64 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 io_schedule_timeout 9 mempool_alloc 10 rpc_new_task 11 rpc_run_task 12 nfs4_do_fsinfo 13 nfs4_proc_fsinfo ------------- Path:  Function:nfs4_proc_fsinfo %4 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %5 = load %struct.nfs_fattr*, %struct.nfs_fattr** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %5) #69 %6 = tail call fastcc i32 @nfs4_do_fsinfo(%struct.nfs_server.215528* %0, %struct.nfs_fh* %1, %struct.nfs_fsinfo* %2) #70 Function:nfs4_do_fsinfo %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_fsinfo_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %15 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %16 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %17 = bitcast %struct.nfs4_fsinfo_res* %7 to i8* %18 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 1 %19 = bitcast i64* %18 to i8* %20 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 1 %21 = bitcast %struct.rpc_message.196909* %8 to i8* %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %23 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %24 = bitcast i8** %23 to %struct.nfs4_server_caps_arg** %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.nfs4_fsinfo_res** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %28 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %29 = bitcast %struct.rpc_clnt.196924** %28 to i64* %30 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %32 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %33 = getelementptr inbounds %struct.nfs4_fsinfo_res, %struct.nfs4_fsinfo_res* %7, i64 0, i32 0, i32 0 %34 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %35 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %39 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %41 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %42 = bitcast %struct.rpc_clnt.196924** %41 to i64* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %45 = bitcast %struct.rpc_xprt.196914** %43 to i8* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %47 = bitcast %struct.rpc_call_ops.196910** %46 to i64* %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %49 = bitcast i8** %48 to %struct.nfs4_call_sync_data** %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %53 = getelementptr inbounds %struct.nfs_fsinfo, %struct.nfs_fsinfo* %2, i64 0, i32 0 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 10), %struct.rpc_procinfo.196908** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %33, align 8 %57 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %34, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %36, align 8 store %struct.nfs4_sequence_args.215545* %13, %struct.nfs4_sequence_args.215545** %37, align 8 store %struct.nfs4_sequence_res.215547* %30, %struct.nfs4_sequence_res.215547** %38, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %40, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %44, align 8 %58 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %57, i64 0, i32 30 %59 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %58, align 8 %60 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %59, i64 0, i32 10 %61 = bitcast %struct.rpc_call_ops.196910** %60 to i64* %62 = load i64, i64* %61, align 8 store i64 %62, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 0, i16* %51, align 8 store i8 0, i8* %52, align 2 %63 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 %66 = ptrtoint %struct.rpc_task.196911* %63 to i64 %67 = trunc i64 %66 to i32 br label %71 %72 = phi i32 [ %67, %65 ], [ %70, %68 ] %73 = load %struct.nfs_fattr*, %struct.nfs_fattr** %53, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_fsinfo to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_do_fsinfo, %74)) #6 to label %96 [label %74], !srcloc !4 %97 = icmp eq i32 %72, 0 br i1 %97, label %98, label %104 %105 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %72, %struct.nfs4_exception* nonnull %9) #70 %106 = load i8, i8* %54, align 8 %107 = and i8 %106, 8 %108 = icmp eq i8 %107, 0 br i1 %108, label %109, label %55 store %struct.nfs_fh* %1, %struct.nfs_fh** %14, align 8 store i32* %16, i32** %15, align 8 store %struct.nfs_fsinfo* %2, %struct.nfs_fsinfo** %20, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 10), %struct.rpc_procinfo.196908** %22, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %24, align 8 store %struct.nfs4_fsinfo_res* %7, %struct.nfs4_fsinfo_res** %26, align 8 store %struct.cred* null, %struct.cred** %27, align 8 %56 = load i64, i64* %29, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %31, align 8 store i8 0, i8* %32, align 8 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %33, align 8 %57 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %34, align 8 store %struct.nfs_server.215528* %0, %struct.nfs_server.215528** %36, align 8 store %struct.nfs4_sequence_args.215545* %13, %struct.nfs4_sequence_args.215545** %37, align 8 store %struct.nfs4_sequence_res.215547* %30, %struct.nfs4_sequence_res.215547** %38, align 8 store %struct.rpc_task.196911* null, %struct.rpc_task.196911** %40, align 8 store i64 %56, i64* %42, align 8 store %struct.rpc_message.196909* %8, %struct.rpc_message.196909** %44, align 8 %58 = getelementptr inbounds %struct.nfs_client.215594, %struct.nfs_client.215594* %57, i64 0, i32 30 %59 = load %struct.nfs4_minor_version_ops.215603*, %struct.nfs4_minor_version_ops.215603** %58, align 8 %60 = getelementptr inbounds %struct.nfs4_minor_version_ops.215603, %struct.nfs4_minor_version_ops.215603* %59, i64 0, i32 10 %61 = bitcast %struct.rpc_call_ops.196910** %60 to i64* %62 = load i64, i64* %61, align 8 store i64 %62, i64* %47, align 8 store %struct.nfs4_call_sync_data* %4, %struct.nfs4_call_sync_data** %49, align 8 store %struct.workqueue_struct* null, %struct.workqueue_struct** %50, align 8 store i16 0, i16* %51, align 8 store i8 0, i8* %52, align 2 %63 = call %struct.rpc_task.196911* bitcast (%struct.rpc_task* (%struct.rpc_task_setup*)* @rpc_run_task to %struct.rpc_task.196911* (%struct.rpc_task_setup.196956*)*)(%struct.rpc_task_setup.196956* nonnull %5) #69 Function:rpc_run_task %2 = tail call %struct.rpc_task* bitcast (%struct.rpc_task.809048* (%struct.rpc_task_setup.809897*)* @rpc_new_task to %struct.rpc_task* (%struct.rpc_task_setup*)*)(%struct.rpc_task_setup* %0) #69 Function:rpc_new_task %2 = getelementptr inbounds %struct.rpc_task_setup.809897, %struct.rpc_task_setup.809897* %0, i64 0, i32 0 %3 = load %struct.rpc_task.809048*, %struct.rpc_task.809048** %2, align 8 %4 = icmp eq %struct.rpc_task.809048* %3, null br i1 %4, label %5, label %9 %6 = load %struct.mempool_s*, %struct.mempool_s** @rpc_task_mempool, align 8 %7 = tail call noalias i8* @mempool_alloc(%struct.mempool_s* %6, i32 3136) #69 Function:mempool_alloc %3 = alloca %struct.wait_queue_entry, align 8 %4 = bitcast %struct.wait_queue_entry* %3 to i8* %5 = and i32 %1, 1024 %6 = icmp eq i32 %5, 0 br i1 %6, label %9, label %7 %10 = or i32 %1, 598016 %11 = and i32 %10, -1089 %12 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 5 %13 = load i8* (i32, i8*)*, i8* (i32, i8*)** %12, align 8 %14 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 4 %15 = load i8*, i8** %14, align 8 %16 = call i8* %13(i32 %11, i8* %15) #69 %17 = icmp eq i8* %16, null br i1 %17, label %18, label %62, !prof !4, !misexpect !5 %19 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 0, i32 0, i32 0 %20 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 2 %21 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %22 = bitcast i8** %21 to %struct.task_struct** %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %25 = ptrtoint %struct.list_head* %24 to i64 %26 = bitcast %struct.list_head* %24 to i64* %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %29 = getelementptr inbounds %struct.mempool_s, %struct.mempool_s* %0, i64 0, i32 7 br label %30 %31 = phi i32 [ %11, %18 ], [ %10, %48 ] %32 = icmp eq i32 %31, %10 br label %33 %34 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %19) #69 %35 = load i32, i32* %20, align 8 %36 = icmp eq i32 %35, 0 br i1 %36, label %47, label %37, !prof !4, !misexpect !5 br i1 %32, label %53, label %48 br i1 %6, label %54, label %55 %56 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !11 store %struct.task_struct* %56, %struct.task_struct** %22, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %23, align 8 store volatile i64 %25, i64* %26, align 8 store %struct.list_head* %24, %struct.list_head** %27, align 8 store i32 0, i32* %28, align 8 call void @prepare_to_wait(%struct.wait_queue_head* %29, %struct.wait_queue_entry* nonnull %3, i32 2) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %19, i64 %34) #69 %57 = call i64 @io_schedule_timeout(i64 5000) #69 Function:io_schedule_timeout %2 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 45 %4 = load i8, i8* %3, align 8 %5 = or i8 %4, 2 store i8 %5, i8* %3, align 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %2, i64 0, i32 111 %7 = load %struct.blk_plug*, %struct.blk_plug** %6, align 8 %8 = icmp eq %struct.blk_plug* %7, null br i1 %8, label %10, label %9 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %7, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_flush_complete_seq 1 blk_insert_flush 2 blk_mq_sched_insert_request 3 __blk_mq_try_issue_directly 4 blk_mq_try_issue_list_directly 5 blk_mq_sched_insert_requests 6 blk_mq_flush_plug_list 7 blk_flush_plug_list 8 wakeup_flusher_threads 9 ksys_sync 10 __x64_sys_sync ------------- Path:  Function:__x64_sys_sync tail call void @ksys_sync() #69 Function:ksys_sync %1 = alloca i32, align 4 %2 = alloca i32, align 4 %3 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %4 = bitcast i32* %2 to i8* store i32 1, i32* %2, align 4 tail call void @wakeup_flusher_threads(i32 2) #69 Function:wakeup_flusher_threads %2 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %2, i64 0, i32 111 %4 = load %struct.blk_plug*, %struct.blk_plug** %3, align 8 %5 = icmp eq %struct.blk_plug* %4, null br i1 %5, label %19, label %6 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %4, i64 0, i32 0 %8 = bitcast %struct.blk_plug* %4 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %12, label %18 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %4, i64 0, i32 1 %14 = bitcast %struct.list_head* %13 to i64* %15 = load volatile i64, i64* %14, align 8 %16 = inttoptr i64 %15 to %struct.list_head* %17 = icmp eq %struct.list_head* %13, %16 br i1 %17, label %19, label %18 tail call void @blk_flush_plug_list(%struct.blk_plug* nonnull %4, i1 zeroext true) #69 Function:blk_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = bitcast %struct.list_head* %3 to i8* %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1 %8 = bitcast %struct.list_head* %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.list_head* %11 = icmp eq %struct.list_head* %7, %10 br i1 %11, label %47, label %12 %13 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 1, i32 1 %14 = ptrtoint %struct.list_head* %7 to i64 %15 = bitcast %struct.list_head* %3 to i64* br label %20 %21 = load volatile i64, i64* %8, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %7, %22 br i1 %23, label %28, label %24 %25 = load %struct.list_head*, %struct.list_head** %13, align 8 %26 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %26, align 8 store %struct.list_head* %22, %struct.list_head** %5, align 8 %27 = getelementptr inbounds %struct.list_head, %struct.list_head* %25, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %27, align 8 store %struct.list_head* %25, %struct.list_head** %6, align 8 store volatile i64 %14, i64* %8, align 8 store %struct.list_head* %7, %struct.list_head** %13, align 8 br label %28 %29 = load volatile i64, i64* %15, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %3, %30 br i1 %31, label %16, label %32 %33 = phi i64 [ %44, %32 ], [ %29, %28 ] %34 = inttoptr i64 %33 to %struct.blk_plug_cb* %35 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 1 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 0, i32 0 %38 = load %struct.list_head*, %struct.list_head** %37, align 8 %39 = getelementptr inbounds %struct.list_head, %struct.list_head* %38, i64 0, i32 1 store %struct.list_head* %36, %struct.list_head** %39, align 8 %40 = ptrtoint %struct.list_head* %38 to i64 %41 = bitcast %struct.list_head* %36 to i64* store volatile i64 %40, i64* %41, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %37, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %35, align 8 %42 = getelementptr inbounds %struct.blk_plug_cb, %struct.blk_plug_cb* %34, i64 0, i32 1 %43 = load void (%struct.blk_plug_cb*, i1)*, void (%struct.blk_plug_cb*, i1)** %42, align 8 call void %43(%struct.blk_plug_cb* %34, i1 zeroext %1) #69 %44 = load volatile i64, i64* %15, align 8 %45 = inttoptr i64 %44 to %struct.list_head* %46 = icmp eq %struct.list_head* %3, %45 br i1 %46, label %16, label %32 %17 = load volatile i64, i64* %8, align 8 %18 = inttoptr i64 %17 to %struct.list_head* %19 = icmp eq %struct.list_head* %7, %18 br i1 %19, label %47, label %20 %48 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %49 = bitcast %struct.blk_plug* %0 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.list_head* %52 = icmp eq %struct.list_head* %48, %51 br i1 %52, label %54, label %53 call void @blk_mq_flush_plug_list(%struct.blk_plug* %0, i1 zeroext %1) #69 Function:blk_mq_flush_plug_list %3 = alloca %struct.list_head, align 8 %4 = alloca %struct.list_head, align 8 %5 = bitcast %struct.list_head* %3 to i8* %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 0 store %struct.list_head* %3, %struct.list_head** %6, align 8 %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %3, i64 0, i32 1 store %struct.list_head* %3, %struct.list_head** %7, align 8 %8 = bitcast %struct.list_head* %4 to i8* %9 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 0 store %struct.list_head* %4, %struct.list_head** %9, align 8 %10 = getelementptr inbounds %struct.list_head, %struct.list_head* %4, i64 0, i32 1 store %struct.list_head* %4, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 0 %12 = bitcast %struct.blk_plug* %0 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %11, %14 br i1 %15, label %22, label %16 %23 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 2 %24 = load i16, i16* %23, align 8 %25 = icmp ugt i16 %24, 2 br i1 %25, label %26, label %31 %27 = getelementptr inbounds %struct.blk_plug, %struct.blk_plug* %0, i64 0, i32 3 %28 = load i8, i8* %27, align 2, !range !4 %29 = icmp eq i8 %28, 0 br i1 %29, label %31, label %30 store i16 0, i16* %23, align 8 %32 = bitcast %struct.list_head* %3 to i64* %33 = load volatile i64, i64* %32, align 8 %34 = inttoptr i64 %33 to %struct.list_head* %35 = icmp eq %struct.list_head* %3, %34 br i1 %35, label %143, label %36 %37 = xor i1 %1, true %38 = bitcast %struct.list_head** %10 to i8** br label %39 %40 = phi i64 [ %33, %36 ], [ %113, %105 ] %41 = phi %struct.blk_mq_hw_ctx.272919* [ null, %36 ], [ %109, %105 ] %42 = phi %struct.blk_mq_ctx.272921* [ null, %36 ], [ %108, %105 ] %43 = phi i32 [ 0, %36 ], [ %110, %105 ] %44 = phi %struct.request_queue.272970* [ null, %36 ], [ %106, %105 ] %45 = inttoptr i64 %40 to i8* %46 = getelementptr i8, i8* %45, i64 -72 %47 = getelementptr inbounds i8, i8* %45, i64 8 %48 = bitcast i8* %47 to %struct.list_head** %49 = load %struct.list_head*, %struct.list_head** %48, align 8 %50 = inttoptr i64 %40 to %struct.list_head** %51 = load %struct.list_head*, %struct.list_head** %50, align 8 %52 = getelementptr inbounds %struct.list_head, %struct.list_head* %51, i64 0, i32 1 store %struct.list_head* %49, %struct.list_head** %52, align 8 %53 = ptrtoint %struct.list_head* %51 to i64 %54 = bitcast %struct.list_head* %49 to i64* store volatile i64 %53, i64* %54, align 8 %55 = inttoptr i64 %40 to i64* store volatile i64 %40, i64* %55, align 8 %56 = bitcast i8* %47 to i8** store i8* %45, i8** %56, align 8 %57 = bitcast i8* %46 to %struct.request_queue.272970** %58 = load %struct.request_queue.272970*, %struct.request_queue.272970** %57, align 8 %59 = icmp eq %struct.request_queue.272970* %58, null br i1 %59, label %60, label %61, !prof !5, !misexpect !6 %62 = getelementptr i8, i8* %45, i64 -56 %63 = bitcast i8* %62 to %struct.blk_mq_hw_ctx.272919** %64 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %63, align 8 %65 = icmp eq %struct.blk_mq_hw_ctx.272919* %64, %41 br i1 %65, label %66, label %71 %67 = getelementptr i8, i8* %45, i64 -64 %68 = bitcast i8* %67 to %struct.blk_mq_ctx.272921** %69 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %68, align 8 %70 = icmp eq %struct.blk_mq_ctx.272921* %69, %42 br i1 %70, label %105, label %71 %72 = icmp eq %struct.blk_mq_hw_ctx.272919* %41, null br i1 %72, label %99, label %73 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_block_unplug to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@blk_mq_flush_plug_list, %74)) #6 to label %96 [label %74], !srcloc !9 call void @blk_mq_sched_insert_requests(%struct.blk_mq_hw_ctx.272919* nonnull %41, %struct.blk_mq_ctx.272921* %42, %struct.list_head* nonnull %4, i1 zeroext %1) #69 Function:blk_mq_sched_insert_requests %5 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 7 %6 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %6, i64 0, i32 56, i32 1 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 3 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %14, !prof !5, !misexpect !6 %13 = inttoptr i64 %9 to i64* tail call void asm sideeffect "addq $1, %gs:$0", "=*m,re,*m,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 1, i64* %13) #6, !srcloc !7 br label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %17 = load %struct.request_queue.272970*, %struct.request_queue.272970** %5, align 8 %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %17, i64 0, i32 1 %19 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %18, align 8 %20 = icmp eq %struct.elevator_queue.272946* %19, null br i1 %20, label %28, label %21 %29 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 12 %30 = load i32, i32* %29, align 16 %31 = icmp ne i32 %30, 0 %32 = or i1 %31, %3 br i1 %32, label %38, label %33 tail call void @blk_mq_try_issue_list_directly(%struct.blk_mq_hw_ctx.272919* %0, %struct.list_head* %2) #69 Function:blk_mq_try_issue_list_directly %3 = alloca i32, align 4 %4 = bitcast %struct.list_head* %1 to i64* %5 = load volatile i64, i64* %4, align 8 %6 = inttoptr i64 %5 to %struct.list_head* %7 = icmp eq %struct.list_head* %6, %1 br i1 %7, label %81, label %8 %9 = bitcast i32* %3 to i8* br label %10 %11 = phi i64 [ %5, %8 ], [ %78, %77 ] %12 = inttoptr i64 %11 to i8* %13 = getelementptr i8, i8* %12, i64 -72 %14 = bitcast i8* %13 to %struct.request.272936* %15 = getelementptr i8, i8* %12, i64 8 %16 = bitcast i8* %15 to %struct.list_head** %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = inttoptr i64 %11 to %struct.list_head** %19 = load %struct.list_head*, %struct.list_head** %18, align 8 %20 = getelementptr inbounds %struct.list_head, %struct.list_head* %19, i64 0, i32 1 store %struct.list_head* %17, %struct.list_head** %20, align 8 %21 = ptrtoint %struct.list_head* %19 to i64 %22 = bitcast %struct.list_head* %17 to i64* store volatile i64 %21, i64* %22, align 8 %23 = inttoptr i64 %11 to i64* store volatile i64 %11, i64* %23, align 8 %24 = bitcast i8* %15 to i8** store i8* %12, i8** %24, align 8 %25 = load volatile i64, i64* %4, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %26, %1 %28 = getelementptr i8, i8* %12, i64 -56 %29 = bitcast i8* %28 to %struct.blk_mq_hw_ctx.272919** %30 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 5 %32 = load i64, i64* %31, align 8 %33 = and i64 %32, 32 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %36 %37 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %30, i64 0, i32 35, i64 0 %38 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* %37) #69 br label %39 %40 = phi i32 [ 0, %35 ], [ %38, %36 ] %41 = call fastcc zeroext i8 @__blk_mq_try_issue_directly(%struct.blk_mq_hw_ctx.272919* %30, %struct.request.272936* %14, i32* nonnull %3, i1 zeroext true, i1 zeroext %27) #69 Function:__blk_mq_try_issue_directly %6 = alloca %struct.blk_mq_queue_data.272950, align 8 %7 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %1, i64 0, i32 0 %8 = load %struct.request_queue.272970*, %struct.request_queue.272970** %7, align 8 %9 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %0, i64 0, i32 0, i32 2 %10 = load volatile i64, i64* %9, align 8 %11 = and i64 %10, 1 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %112 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %8, i64 0, i32 14 %15 = load volatile i64, i64* %14, align 8 %16 = and i64 %15, 16777216 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %112 %113 = phi i1 [ true, %111 ], [ true, %42 ], [ false, %13 ], [ false, %5 ] tail call void @blk_mq_sched_insert_request(%struct.request.272936* %1, i1 zeroext false, i1 zeroext %113, i1 zeroext false) #69 Function:blk_mq_sched_insert_request %5 = alloca %struct.list_head, align 8 %6 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 0 %7 = load %struct.request_queue.272970*, %struct.request_queue.272970** %6, align 8 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %7, i64 0, i32 1 %9 = load %struct.elevator_queue.272946*, %struct.elevator_queue.272946** %8, align 8 %10 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 1 %11 = load %struct.blk_mq_ctx.272921*, %struct.blk_mq_ctx.272921** %10, align 8 %12 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 2 %13 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %12, align 8 %14 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 16 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %24 %19 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %0, i64 0, i32 3 %20 = load i32, i32* %19, align 8 %21 = and i32 %20, 393216 %22 = icmp eq i32 %21, 0 br i1 %22, label %24, label %23 tail call void bitcast (void (%struct.request.273801*)* @blk_insert_flush to void (%struct.request.272936*)*)(%struct.request.272936* %0) #69 Function:blk_insert_flush %2 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %3 = load %struct.request_queue.273831*, %struct.request_queue.273831** %2, align 8 %4 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %3, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = icmp ult i32 %7, 512 %9 = select i1 %8, i32 0, i32 2 %10 = and i64 %5, 131072 %11 = icmp eq i64 %10, 0 %12 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %16 %15 = and i64 %5, 262144 br label %26 %27 = phi i64 [ %15, %14 ], [ %20, %16 ], [ 0, %22 ] %28 = phi i32 [ %9, %14 ], [ %19, %16 ], [ %25, %22 ] %29 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 1 %30 = load %struct.blk_mq_ctx.273793*, %struct.blk_mq_ctx.273793** %29, align 8 %31 = getelementptr inbounds %struct.blk_mq_ctx.273793, %struct.blk_mq_ctx.273793* %30, i64 0, i32 3, i64 0 %32 = load %struct.blk_mq_hw_ctx.273791*, %struct.blk_mq_hw_ctx.273791** %31, align 8 %33 = getelementptr inbounds %struct.blk_mq_hw_ctx.273791, %struct.blk_mq_hw_ctx.273791* %32, i64 0, i32 8 %34 = load %struct.blk_flush_queue.273784*, %struct.blk_flush_queue.273784** %33, align 64 %35 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %36 = icmp eq i64 %27, 0 %37 = select i1 %36, i32 -395265, i32 -264193 %38 = and i32 %13, %37 %39 = or i32 %38, 2048 store i32 %39, i32* %35, align 8 %40 = icmp eq i32 %28, 0 br i1 %40, label %41, label %42 %43 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %44 = load %struct.bio.274040*, %struct.bio.274040** %43, align 8 %45 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %46 = load %struct.bio.274040*, %struct.bio.274040** %45, align 8 %47 = icmp eq %struct.bio.274040* %44, %46 br i1 %47, label %49, label %48, !prof !4, !misexpect !5 %50 = and i32 %28, 7 %51 = icmp eq i32 %50, 2 br i1 %51, label %52, label %53 %54 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0 %55 = bitcast %struct.anon.71.273796* %54 to i8* %56 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %57 = ptrtoint %struct.list_head* %56 to i64 %58 = bitcast %struct.list_head* %56 to i64* store volatile i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 store %struct.list_head* %56, %struct.list_head** %59, align 8 %60 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %61 = load i32, i32* %60, align 4 %62 = or i32 %61, 16 store i32 %62, i32* %60, align 4 %63 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %64 = bitcast void (%struct.request.273801*, i8)** %63 to i64* %65 = load i64, i64* %64, align 8 %66 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %67 = bitcast void (%struct.request.273801*, i8)** %66 to i64* store i64 %65, i64* %67, align 8 store void (%struct.request.273801*, i8)* @mq_flush_data_end_io, void (%struct.request.273801*, i8)** %63, align 8 %68 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %34, i64 0, i32 8 %69 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %68, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %69) #69 %70 = xor i32 %50, 7 tail call fastcc void @blk_flush_complete_seq(%struct.request.273801* %0, %struct.blk_flush_queue.273784* %34, i32 %70, i8 zeroext 0) #70 Function:blk_flush_complete_seq %5 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 0 %6 = load %struct.request_queue.273831*, %struct.request_queue.273831** %5, align 8 %7 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 0 %8 = load i8, i8* %7, align 8 %9 = lshr i8 %8, 1 %10 = and i8 %9, 1 %11 = zext i8 %10 to i64 %12 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %11 %13 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, %2 %16 = icmp eq i32 %15, 0 br i1 %16, label %18, label %17, !prof !4, !misexpect !5 %19 = or i32 %14, %2 store i32 %19, i32* %13, align 8 %20 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 3 %21 = load i32, i32* %20, align 8 %22 = icmp eq i8 %3, 0 br i1 %22, label %23, label %64, !prof !4, !misexpect !8 %65 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 11 %66 = bitcast %struct.list_head* %65 to i64* %67 = load volatile i64, i64* %66, align 8 %68 = inttoptr i64 %67 to %struct.list_head* %69 = icmp eq %struct.list_head* %65, %68 br i1 %69, label %71, label %70, !prof !4, !misexpect !5 %72 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1 %73 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 1, i32 1 %74 = load %struct.list_head*, %struct.list_head** %73, align 8 %75 = getelementptr inbounds %struct.list_head, %struct.list_head* %72, i64 0, i32 0 %76 = load %struct.list_head*, %struct.list_head** %75, align 8 %77 = getelementptr inbounds %struct.list_head, %struct.list_head* %76, i64 0, i32 1 store %struct.list_head* %74, %struct.list_head** %77, align 8 %78 = ptrtoint %struct.list_head* %76 to i64 %79 = bitcast %struct.list_head* %74 to i64* store volatile i64 %78, i64* %79, align 8 %80 = ptrtoint %struct.list_head* %72 to i64 %81 = bitcast %struct.list_head* %72 to i64* store volatile i64 %80, i64* %81, align 8 store %struct.list_head* %72, %struct.list_head** %73, align 8 %82 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 10 %83 = bitcast %struct.bio.274040** %82 to i64* %84 = load i64, i64* %83, align 8 %85 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 9 %86 = bitcast %struct.bio.274040** %85 to i64* store i64 %84, i64* %86, align 8 %87 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 4 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, -17 store i32 %89, i32* %87, align 4 %90 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 14, i32 0, i32 2 %91 = bitcast void (%struct.request.273801*, i8)** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.request.273801, %struct.request.273801* %0, i64 0, i32 29 %94 = bitcast void (%struct.request.273801*, i8)** %93 to i64* store i64 %92, i64* %94, align 8 tail call void bitcast (void (%struct.request.272936*, i8)* @blk_mq_end_request to void (%struct.request.273801*, i8)*)(%struct.request.273801* %0, i8 zeroext %3) #69 br label %96 %97 = load i8, i8* %7, align 8 %98 = lshr i8 %97, 1 %99 = and i8 %98, 1 %100 = zext i8 %99 to i64 %101 = getelementptr %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 3, i64 %100 %102 = bitcast %struct.list_head* %101 to i8** %103 = load i8*, i8** %102, align 8 %104 = getelementptr i8, i8* %103, i64 -136 %105 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 5 %106 = load %struct.request.273801*, %struct.request.273801** %105, align 8 %107 = lshr i8 %97, 2 %108 = and i8 %107, 1 %109 = icmp eq i8 %99, %108 br i1 %109, label %110, label %180 %111 = bitcast %struct.list_head* %101 to i64* %112 = load volatile i64, i64* %111, align 8 %113 = inttoptr i64 %112 to %struct.list_head* %114 = icmp eq %struct.list_head* %101, %113 br i1 %114, label %180, label %115 %116 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 4 %117 = bitcast %struct.list_head* %116 to i64* %118 = load volatile i64, i64* %117, align 8 %119 = inttoptr i64 %118 to %struct.list_head* %120 = icmp eq %struct.list_head* %116, %119 br i1 %120, label %132, label %121 %122 = getelementptr inbounds %struct.request_queue.273831, %struct.request_queue.273831* %6, i64 0, i32 1 %123 = load %struct.elevator_queue.273811*, %struct.elevator_queue.273811** %122, align 8 %124 = icmp eq %struct.elevator_queue.273811* %123, null br i1 %124, label %132, label %125 %126 = load volatile i64, i64* @jiffies, align 64 %127 = getelementptr inbounds %struct.blk_flush_queue.273784, %struct.blk_flush_queue.273784* %1, i64 0, i32 2 %128 = load i64, i64* %127, align 8 %129 = add i64 %126, -5000 %130 = sub i64 %129, %128 %131 = icmp slt i64 %130, 0 br i1 %131, label %180, label %132 %133 = xor i8 %97, 2 store i8 %133, i8* %7, align 8 tail call void bitcast (void (%struct.request_queue.272970*, %struct.request.272936*)* @blk_rq_init to void (%struct.request_queue.273831*, %struct.request.273801*)*)(%struct.request_queue.273831* %6, %struct.request.273801* %106) #69 ------------- Good: 367 Bad: 28 Ignored: 557 Check Use of Function:device_reset Check Use of Function:scsi_try_bus_reset Check Use of Function:scsi_run_host_queues Check Use of Function:scsi_autopm_put_host Check Use of Function:ldsem_up_write Check Use of Function:ldsem_down_write Check Use of Function:tty_ldisc_get Check Use of Function:panic Use: =BAD PATH= Call Stack: 0 snd_disconnect_release ------------- Path:  Function:snd_disconnect_release tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @shutdown_lock, i64 0, i32 0, i32 0)) #69 %3 = load i8*, i8** bitcast (%struct.list_head* @shutdown_files to i8**), align 8 %4 = icmp eq i8* %3, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %4, label %28, label %5 %6 = phi i8* [ %26, %24 ], [ %3, %2 ] %7 = getelementptr i8, i8* %6, i64 -16 %8 = bitcast i8* %7 to %struct.file** %9 = load %struct.file*, %struct.file** %8, align 8 %10 = icmp eq %struct.file* %9, %1 br i1 %10, label %11, label %24 %25 = bitcast i8* %6 to i8** %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, bitcast (%struct.list_head* @shutdown_files to i8*) br i1 %27, label %28, label %5 %29 = phi %struct.snd_monitor_file* [ %12, %11 ], [ null, %2 ], [ null, %24 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @shutdown_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = icmp eq %struct.snd_monitor_file* %29, null br i1 %30, label %50, label %31, !prof !6, !misexpect !7 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.16.56454, i64 0, i64 0), i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_disconnect_release, i64 0, i64 0), %struct.inode* %0, %struct.file* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __compat_sys_getsockopt 4 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %207 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %208 = load i32, i32* %207, align 8 %209 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = inttoptr i64 %211 to i8* %213 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %214 = load i32, i32* %213, align 16 %215 = zext i32 %214 to i64 %216 = inttoptr i64 %215 to i32* %217 = call fastcc i32 @__compat_sys_getsockopt(i32 %89, i32 %91, i32 %208, i8* %212, i32* %216) #69 Function:__compat_sys_getsockopt %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* %8 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %6) #69 %9 = icmp eq %struct.socket.250973* %8, null br i1 %9, label %32, label %10 %11 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %8, i32 %1, i32 %2) #69 store i32 %11, i32* %6, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %29 %14 = icmp eq i32 %1, 1 br i1 %14, label %15, label %17 %16 = call i32 @sock_getsockopt(%struct.socket.250973* nonnull %8, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __compat_sys_getsockopt 4 __ia32_compat_sys_getsockopt ------------- Path:  Function:__ia32_compat_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__compat_sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__compat_sys_getsockopt %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* %8 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %6) #69 %9 = icmp eq %struct.socket.250973* %8, null br i1 %9, label %32, label %10 %11 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %8, i32 %1, i32 %2) #69 store i32 %11, i32* %6, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %29 %14 = icmp eq i32 %1, 1 br i1 %14, label %15, label %17 %16 = call i32 @sock_getsockopt(%struct.socket.250973* nonnull %8, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __se_sys_socketcall 5 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %198 = trunc i64 %39 to i32 %199 = trunc i64 %41 to i32 %200 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %201 = load i64, i64* %200, align 16 %202 = trunc i64 %201 to i32 %203 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %204 = bitcast i64* %203 to i8** %205 = load i8*, i8** %204, align 8 %206 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %207 = bitcast i64* %206 to i32** %208 = load i32*, i32** %207, align 16 %209 = call fastcc i32 @__sys_getsockopt(i32 %198, i32 %199, i32 %202, i8* %205, i32* %208) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.250940* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 3 %13 = load %struct.file_operations.250931*, %struct.file_operations.250931** %12, align 8 %14 = icmp eq %struct.file_operations.250931* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.250973** %18 = load %struct.socket.250973*, %struct.socket.250973** %17, align 8 %19 = icmp eq %struct.socket.250973* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.250973* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __se_sys_socketcall 5 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %198 = trunc i64 %39 to i32 %199 = trunc i64 %41 to i32 %200 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %201 = load i64, i64* %200, align 16 %202 = trunc i64 %201 to i32 %203 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %204 = bitcast i64* %203 to i8** %205 = load i8*, i8** %204, align 8 %206 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %207 = bitcast i64* %206 to i32** %208 = load i32*, i32** %207, align 16 %209 = call fastcc i32 @__sys_getsockopt(i32 %198, i32 %199, i32 %202, i8* %205, i32* %208) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.250940* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 3 %13 = load %struct.file_operations.250931*, %struct.file_operations.250931** %12, align 8 %14 = icmp eq %struct.file_operations.250931* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.250973** %18 = load %struct.socket.250973*, %struct.socket.250973** %17, align 8 %19 = icmp eq %struct.socket.250973* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.250973* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __ia32_sys_getsockopt ------------- Path:  Function:__ia32_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.250940* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 3 %13 = load %struct.file_operations.250931*, %struct.file_operations.250931** %12, align 8 %14 = icmp eq %struct.file_operations.250931* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.250973** %18 = load %struct.socket.250973*, %struct.socket.250973** %17, align 8 %19 = icmp eq %struct.socket.250973* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.250973* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 sock_getsockopt 3 __sys_getsockopt 4 __x64_sys_getsockopt ------------- Path:  Function:__x64_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to i32** %13 = load i32*, i32** %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = tail call fastcc i32 @__sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %10, i32* %13) #69 Function:__sys_getsockopt %6 = tail call i64 @__fdget(i32 %0) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.250940* %9 = trunc i64 %6 to i32 %10 = icmp eq i64 %7, 0 br i1 %10, label %45, label %11 %12 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 3 %13 = load %struct.file_operations.250931*, %struct.file_operations.250931** %12, align 8 %14 = icmp eq %struct.file_operations.250931* %13, @socket_file_ops br i1 %14, label %15, label %20 %16 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %8, i64 0, i32 16 %17 = bitcast i8** %16 to %struct.socket.250973** %18 = load %struct.socket.250973*, %struct.socket.250973** %17, align 8 %19 = icmp eq %struct.socket.250973* %18, null br i1 %19, label %20, label %25, !prof !4, !misexpect !5 %26 = and i32 %9, 1 %27 = tail call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_getsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %18, i32 %1, i32 %2) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %39 %30 = icmp eq i32 %1, 1 br i1 %30, label %31, label %33 %32 = tail call i32 @sock_getsockopt(%struct.socket.250973* nonnull %18, i32 1, i32 %2, i8* %3, i32* %4) #69 Function:sock_getsockopt %6 = alloca [16 x i8], align 16 %7 = alloca %union.anon.53, align 8 %8 = alloca %struct.kernel_symbol, align 4 %9 = alloca [128 x i8], align 16 %10 = alloca [9 x i32], align 16 %11 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %12 = load %struct.sock.250976*, %struct.sock.250976** %11, align 8 %13 = bitcast %union.anon.53* %7 to i8* %15 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %4, i64 4, i64 %14) #6, !srcloc !4 %16 = extractvalue { i32*, i64, i64 } %15, 0 %17 = extractvalue { i32*, i64, i64 } %15, 1 %18 = extractvalue { i32*, i64, i64 } %15, 2 %19 = ptrtoint i32* %16 to i64 %20 = trunc i64 %17 to i32 %21 = and i64 %19, 4294967295 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %595, !prof !5, !misexpect !6 %24 = icmp slt i32 %20, 0 br i1 %24, label %595, label %25 switch i32 %2, label %595 [ i32 1, label %26 i32 5, label %33 i32 6, label %40 i32 7, label %47 i32 8, label %51 i32 2, label %55 i32 15, label %61 i32 9, label %68 i32 3, label %75 i32 38, label %80 i32 39, label %86 i32 4, label %91 i32 10, label %105 i32 11, label %112 i32 12, label %118 i32 13, label %122 i32 14, label %135 i32 29, label %148 i32 35, label %166 i32 63, label %180 i32 64, label %193 i32 37, label %206 i32 20, label %211 i32 66, label %211 i32 21, label %238 i32 67, label %238 i32 18, label %265 i32 19, label %269 i32 16, label %271 i32 17, label %278 i32 59, label %311 i32 28, label %367 i32 30, label %388 i32 34, label %394 i32 31, label %401 i32 36, label %403 i32 40, label %407 i32 41, label %414 i32 42, label %421 i32 43, label %431 i32 25, label %438 i32 26, label %467 i32 44, label %471 i32 48, label %478 i32 45, label %480 i32 46, label %487 i32 47, label %491 i32 49, label %504 i32 55, label %508 i32 56, label %543 i32 57, label %549 i32 60, label %554 i32 61, label %561 i32 62, label %572 ] %312 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 55 %313 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %312, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %313) #69 %314 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %12, i64 0, i32 57 %315 = load %struct.cred*, %struct.cred** %314, align 8 %316 = icmp eq %struct.cred* %315, null br i1 %316, label %593, label %317 %318 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 24 %319 = bitcast %union.anon.49* %318 to i32* store i32 0, i32* %319, align 8 %320 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 0, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %321 = bitcast %struct.spinlock* %312 to i8* store volatile i8 0, i8* %321, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %322 = getelementptr inbounds %struct.cred, %struct.cred* %315, i64 0, i32 23 %323 = load %struct.group_info*, %struct.group_info** %322, align 8 %324 = getelementptr inbounds %struct.group_info, %struct.group_info* %323, i64 0, i32 1 %325 = load i32, i32* %324, align 4 %326 = shl i64 %17, 32 %327 = ashr exact i64 %326, 32 %328 = sext i32 %325 to i64 %329 = shl nsw i64 %328, 2 %330 = icmp ult i64 %327, %329 %331 = trunc i64 %329 to i32 br i1 %330, label %332, label %341 %342 = bitcast i8* %3 to i32* %343 = icmp sgt i32 %325, 0 br i1 %343, label %348, label %359 %349 = phi i64 [ %358, %344 ], [ 0, %341 ] %350 = getelementptr %struct.group_info, %struct.group_info* %323, i64 0, i32 2, i64 %349, i32 0 %351 = load i32, i32* %350, align 4 %352 = icmp eq i32 %351, -1 %353 = load i32, i32* @overflowgid, align 4 %354 = select i1 %352, i32 %353, i32 %351 %355 = getelementptr i32, i32* %342, i64 %349 %356 = tail call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %354, i32* %355) #6, !srcloc !16 %357 = icmp eq i32 %356, 0 %358 = add nuw nsw i64 %349, 1 br i1 %357, label %344, label %359, !prof !5, !misexpect !6 %360 = phi i1 [ true, %341 ], [ true, %344 ], [ false, %348 ] %361 = phi i32 [ 0, %341 ], [ 0, %344 ], [ -14, %348 ] %362 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %320, i32* %320) #6, !srcloc !14 %363 = and i8 %362, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %366, label %365 tail call void @__put_cred(%struct.cred* nonnull %315) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_complete_unlink 3 nfs_dentry_iput ------------- Path:  Function:nfs_dentry_iput %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 0 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, -4096 %6 = icmp eq i16 %5, 16384 br i1 %6, label %7, label %12 %8 = getelementptr %struct.inode.195275, %struct.inode.195275* %1, i64 -1, i32 15, i32 1 %9 = getelementptr inbounds i64, i64* %8, i64 19 %10 = load i64, i64* %9, align 8 %11 = or i64 %10, 2 store i64 %11, i64* %9, align 8 br label %12 %13 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %32, label %17 tail call void bitcast (void (%struct.dentry.203041*, %struct.inode.203037*)* @nfs_complete_unlink to void (%struct.dentry.195278*, %struct.inode.195275*)*)(%struct.dentry.195278* %0, %struct.inode.195275* %1) #69 Function:nfs_complete_unlink %3 = alloca %struct.rpc_message.203076, align 8 %4 = alloca %struct.rpc_task_setup.203115, align 8 %5 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %0, i64 0, i32 7, i32 0 %6 = bitcast %struct.anon.1* %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %6) #69 %7 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %0, i64 0, i32 0 %8 = load i32, i32* %7, align 8 %9 = and i32 %8, -4097 store i32 %9, i32* %7, align 8 %10 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %0, i64 0, i32 11 %11 = bitcast i8** %10 to %struct.nfs_unlinkdata.203100** %12 = load %struct.nfs_unlinkdata.203100*, %struct.nfs_unlinkdata.203100** %11, align 8 store i8* null, i8** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = bitcast %struct.anon.1* %5 to i8* store volatile i8 0, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %14 = getelementptr %struct.inode.203037, %struct.inode.203037* %1, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 18 %16 = load volatile i64, i64* %15, align 8 %17 = and i64 %16, 2 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %119 %20 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %0, i64 0, i32 3 %21 = load %struct.dentry.203041*, %struct.dentry.203041** %20, align 8 %22 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %21, i64 0, i32 5 %23 = load %struct.inode.203037*, %struct.inode.203037** %22, align 8 %24 = getelementptr %struct.inode.203037, %struct.inode.203037* %23, i64 -1, i32 15, i32 1 %25 = getelementptr inbounds i64, i64* %24, i64 38 %26 = bitcast i64* %25 to %struct.rw_semaphore* tail call void @down_read(%struct.rw_semaphore* %26) #69 %27 = load %struct.dentry.203041*, %struct.dentry.203041** %20, align 8 %28 = getelementptr inbounds %struct.nfs_unlinkdata.203100, %struct.nfs_unlinkdata.203100* %12, i64 0, i32 0, i32 2 %29 = getelementptr inbounds %struct.nfs_unlinkdata.203100, %struct.nfs_unlinkdata.203100* %12, i64 0, i32 3 %30 = tail call %struct.dentry.203041* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.203041* (%struct.dentry.203041*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.203041* %27, %struct.qstr* %28, %struct.wait_queue_head* %29) #69 %31 = icmp ugt %struct.dentry.203041* %30, inttoptr (i64 -4096 to %struct.dentry.203041*) br i1 %31, label %32, label %33 %34 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %30, i64 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = and i32 %35, 268435456 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %54 %39 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %30, i64 0, i32 7, i32 0 %40 = bitcast %struct.anon.1* %39 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %40) #69 %41 = getelementptr inbounds %struct.dentry.203041, %struct.dentry.203041* %30, i64 0, i32 5 %42 = load %struct.inode.203037*, %struct.inode.203037** %41, align 8 %43 = icmp eq %struct.inode.203037* %42, null br i1 %43, label %115, label %44 %45 = load i32, i32* %34, align 8 %46 = and i32 %45, 4096 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %117 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %118 = bitcast %struct.anon.1* %39 to i8* store volatile i8 0, i8* %118, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.dentry.136422*)* @dput to void (%struct.dentry.203041*)*)(%struct.dentry.203041* %30) #69 tail call void @up_read(%struct.rw_semaphore* %26) #69 tail call void @kfree(i8* null) #69 br label %119 %120 = getelementptr inbounds %struct.nfs_unlinkdata.203100, %struct.nfs_unlinkdata.203100* %12, i64 0, i32 4 %121 = load %struct.cred*, %struct.cred** %120, align 8 %122 = icmp eq %struct.cred* %121, null br i1 %122, label %129, label %123 %124 = getelementptr inbounds %struct.cred, %struct.cred* %121, i64 0, i32 0, i32 0 %125 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %124, i32* %124) #6, !srcloc !6 %126 = and i8 %125, 1 %127 = icmp eq i8 %126, 0 br i1 %127, label %129, label %128 tail call void @__put_cred(%struct.cred* nonnull %121) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __put_nfs_open_context 3 nfs_file_clear_open_context 4 nfs_file_release ------------- Path:  Function:nfs_file_release %3 = getelementptr inbounds %struct.inode.196077, %struct.inode.196077* %0, i64 0, i32 8 %4 = load %struct.super_block.196065*, %struct.super_block.196065** %3, align 8 %5 = getelementptr inbounds %struct.super_block.196065, %struct.super_block.196065* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.196215** %7 = load %struct.nfs_server.196215*, %struct.nfs_server.196215** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.196215, %struct.nfs_server.196215* %7, i64 0, i32 6 %9 = load %struct.nfs_iostats*, %struct.nfs_iostats** %8, align 8 %10 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %9, i64 0, i32 1, i64 17 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %10, i64* %10) #6, !srcloc !4 tail call void bitcast (void (%struct.file.197585*)* @nfs_file_clear_open_context to void (%struct.file.196086*)*)(%struct.file.196086* %1) #69 Function:nfs_file_clear_open_context %2 = getelementptr inbounds %struct.file.197585, %struct.file.197585* %0, i64 0, i32 16 %3 = bitcast i8** %2 to %struct.nfs_open_context.197736** %4 = load %struct.nfs_open_context.197736*, %struct.nfs_open_context.197736** %3, align 8 %5 = icmp eq %struct.nfs_open_context.197736* %4, null br i1 %5, label %21, label %6 %7 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %4, i64 0, i32 2 %8 = load %struct.dentry.197651*, %struct.dentry.197651** %7, align 8 %9 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %8, i64 0, i32 5 %10 = load %struct.inode.197661*, %struct.inode.197661** %9, align 8 %11 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %4, i64 0, i32 7 %12 = bitcast i64* %11 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %12, i8 -17, i8* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %4, i64 0, i32 8 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, 0 br i1 %15, label %16, label %20 %17 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %10, i64 0, i32 9 %18 = load %struct.address_space.197662*, %struct.address_space.197662** %17, align 8 %19 = tail call i32 bitcast (i32 (%struct.address_space.111733*)* @invalidate_inode_pages2 to i32 (%struct.address_space.197662*)*)(%struct.address_space.197662* %18) #69 br label %20 store i8* null, i8** %2, align 8 tail call fastcc void @__put_nfs_open_context(%struct.nfs_open_context.197736* nonnull %4, i32 1) #69 Function:__put_nfs_open_context %3 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %0, i64 0, i32 2 %4 = load %struct.dentry.197651*, %struct.dentry.197651** %3, align 8 %5 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %4, i64 0, i32 5 %6 = load %struct.inode.197661*, %struct.inode.197661** %5, align 8 %7 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %4, i64 0, i32 9 %8 = load %struct.super_block.197647*, %struct.super_block.197647** %7, align 8 %9 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %0, i64 0, i32 0, i32 0 %10 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %0, i64 0, i32 0, i32 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %19 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %0, i64 0, i32 9 %20 = bitcast %struct.list_head* %19 to i64* %21 = load volatile i64, i64* %20, align 8 %22 = inttoptr i64 %21 to %struct.list_head* %23 = icmp eq %struct.list_head* %19, %22 br i1 %23, label %35, label %24 %36 = icmp eq %struct.inode.197661* %6, null br i1 %36, label %49, label %37 %50 = getelementptr inbounds %struct.nfs_open_context.197736, %struct.nfs_open_context.197736* %0, i64 0, i32 3 %51 = load %struct.cred*, %struct.cred** %50, align 8 %52 = icmp eq %struct.cred* %51, null br i1 %52, label %59, label %53 %54 = getelementptr inbounds %struct.cred, %struct.cred* %51, i64 0, i32 0, i32 0 %55 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %54, i32* %54) #6, !srcloc !10 %56 = and i8 %55, 1 %57 = icmp eq i8 %56, 0 br i1 %57, label %59, label %58 tail call void @__put_cred(%struct.cred* nonnull %51) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 nfs_closedir ------------- Path:  Function:nfs_closedir %3 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %1, i64 0, i32 2 %4 = load %struct.inode.195275*, %struct.inode.195275** %3, align 8 %5 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %1, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_dir_context** %7 = load %struct.nfs_open_dir_context*, %struct.nfs_open_dir_context** %6, align 8 %8 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %4, i64 0, i32 18 %9 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %8, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %9) #69 %10 = getelementptr inbounds %struct.nfs_open_dir_context, %struct.nfs_open_dir_context* %7, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs_open_dir_context, %struct.nfs_open_dir_context* %7, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = bitcast %struct.spinlock* %8 to i8* store volatile i8 0, i8* %17, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %18 = getelementptr inbounds %struct.nfs_open_dir_context, %struct.nfs_open_dir_context* %7, i64 0, i32 1 %19 = load %struct.cred*, %struct.cred** %18, align 8 %20 = icmp eq %struct.cred* %19, null br i1 %20, label %27, label %21 %22 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 0, i32 0 %23 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %22, i32* %22) #6, !srcloc !6 %24 = and i8 %23, 1 %25 = icmp eq i8 %24, 0 br i1 %25, label %27, label %26 tail call void @__put_cred(%struct.cred* nonnull %19) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_wait4 6 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_waitid 6 __se_compat_sys_waitid 7 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_waitid 6 __se_sys_waitid 7 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 __ptrace_unlink 3 wait_consider_task 4 do_wait 5 kernel_waitid 6 __se_sys_waitid 7 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %27 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 0, i32 0 %28 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !9 %29 = and i8 %28, 1 %30 = icmp eq i8 %29, 0 br i1 %30, label %32, label %31 tail call void @__put_cred(%struct.cred* nonnull %24) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.22153, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.247922, align 8 %5 = alloca %struct.key.247526*, align 8 %6 = alloca %struct.key.247526*, align 8 %7 = bitcast %struct.keyring_search_context.247922* %4 to i8* %8 = bitcast %struct.key.247526** %5 to i8* %9 = bitcast %struct.key.247526** %6 to i8* %10 = call %struct.task_struct.247801* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247801** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247801**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.247801, %struct.task_struct.247801* %10, i64 0, i32 78 %12 = getelementptr inbounds %struct.keyring_search_context.247922, %struct.keyring_search_context.247922* %4, i64 0, i32 1 %13 = and i64 %1, 1 %14 = icmp eq i64 %13, 0 br label %15 %16 = load %struct.cred.247614*, %struct.cred.247614** %11, align 64 %17 = icmp eq %struct.cred.247614* %16, null br i1 %17, label %22, label %18 store %struct.cred.247614* %16, %struct.cred.247614** %12, align 8 switch i32 %0, label %254 [ i32 -1, label %23 i32 -2, label %73 i32 -3, label %123 i32 -4, label %176 i32 -5, label %184 i32 -6, label %346 i32 -7, label %192 i32 -8, label %212 ] %124 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %16, i64 0, i32 16 %125 = load %struct.key.247526*, %struct.key.247526** %124, align 8 %126 = icmp eq %struct.key.247526* %125, null br i1 %126, label %127, label %150 %151 = getelementptr inbounds %struct.key.247526, %struct.key.247526* %125, i64 0, i32 14 %152 = load volatile i64, i64* %151, align 8 %153 = and i64 %152, 512 %154 = icmp eq i64 %153, 0 %155 = or i1 %14, %154 br i1 %155, label %160, label %156 %157 = call i64 @join_session_keyring(i8* null) #70 %158 = trunc i64 %157 to i32 %159 = icmp slt i32 %158, 0 br i1 %159, label %343, label %364 %365 = load %struct.cred.247614*, %struct.cred.247614** %12, align 8 %366 = icmp eq %struct.cred.247614* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.247614*)*)(%struct.cred.247614* nonnull %365) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 __se_sys_add_key 4 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.22153, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.247922, align 8 %5 = alloca %struct.key.247526*, align 8 %6 = alloca %struct.key.247526*, align 8 %7 = bitcast %struct.keyring_search_context.247922* %4 to i8* %8 = bitcast %struct.key.247526** %5 to i8* %9 = bitcast %struct.key.247526** %6 to i8* %10 = call %struct.task_struct.247801* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247801** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247801**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.247801, %struct.task_struct.247801* %10, i64 0, i32 78 %12 = getelementptr inbounds %struct.keyring_search_context.247922, %struct.keyring_search_context.247922* %4, i64 0, i32 1 %13 = and i64 %1, 1 %14 = icmp eq i64 %13, 0 br label %15 %16 = load %struct.cred.247614*, %struct.cred.247614** %11, align 64 %17 = icmp eq %struct.cred.247614* %16, null br i1 %17, label %22, label %18 store %struct.cred.247614* %16, %struct.cred.247614** %12, align 8 switch i32 %0, label %254 [ i32 -1, label %23 i32 -2, label %73 i32 -3, label %123 i32 -4, label %176 i32 -5, label %184 i32 -6, label %346 i32 -7, label %192 i32 -8, label %212 ] %124 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %16, i64 0, i32 16 %125 = load %struct.key.247526*, %struct.key.247526** %124, align 8 %126 = icmp eq %struct.key.247526* %125, null br i1 %126, label %127, label %150 %151 = getelementptr inbounds %struct.key.247526, %struct.key.247526* %125, i64 0, i32 14 %152 = load volatile i64, i64* %151, align 8 %153 = and i64 %152, 512 %154 = icmp eq i64 %153, 0 %155 = or i1 %14, %154 br i1 %155, label %160, label %156 %157 = call i64 @join_session_keyring(i8* null) #70 %158 = trunc i64 %157 to i32 %159 = icmp slt i32 %158, 0 br i1 %159, label %343, label %364 %365 = load %struct.cred.247614*, %struct.cred.247614** %12, align 8 %366 = icmp eq %struct.cred.247614* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.247614*)*)(%struct.cred.247614* nonnull %365) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_get_keyring_ID 4 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %25 = tail call i64 @keyctl_get_keyring_ID(i32 %20, i32 %21) #69 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 8) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.247922, align 8 %5 = alloca %struct.key.247526*, align 8 %6 = alloca %struct.key.247526*, align 8 %7 = bitcast %struct.keyring_search_context.247922* %4 to i8* %8 = bitcast %struct.key.247526** %5 to i8* %9 = bitcast %struct.key.247526** %6 to i8* %10 = call %struct.task_struct.247801* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247801** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247801**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.247801, %struct.task_struct.247801* %10, i64 0, i32 78 %12 = getelementptr inbounds %struct.keyring_search_context.247922, %struct.keyring_search_context.247922* %4, i64 0, i32 1 %13 = and i64 %1, 1 %14 = icmp eq i64 %13, 0 br label %15 %16 = load %struct.cred.247614*, %struct.cred.247614** %11, align 64 %17 = icmp eq %struct.cred.247614* %16, null br i1 %17, label %22, label %18 store %struct.cred.247614* %16, %struct.cred.247614** %12, align 8 switch i32 %0, label %254 [ i32 -1, label %23 i32 -2, label %73 i32 -3, label %123 i32 -4, label %176 i32 -5, label %184 i32 -6, label %346 i32 -7, label %192 i32 -8, label %212 ] %124 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %16, i64 0, i32 16 %125 = load %struct.key.247526*, %struct.key.247526** %124, align 8 %126 = icmp eq %struct.key.247526* %125, null br i1 %126, label %127, label %150 %151 = getelementptr inbounds %struct.key.247526, %struct.key.247526* %125, i64 0, i32 14 %152 = load volatile i64, i64* %151, align 8 %153 = and i64 %152, 512 %154 = icmp eq i64 %153, 0 %155 = or i1 %14, %154 br i1 %155, label %160, label %156 %157 = call i64 @join_session_keyring(i8* null) #70 %158 = trunc i64 %157 to i32 %159 = icmp slt i32 %158, 0 br i1 %159, label %343, label %364 %365 = load %struct.cred.247614*, %struct.cred.247614** %12, align 8 %366 = icmp eq %struct.cred.247614* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.247614*)*)(%struct.cred.247614* nonnull %365) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.247922, align 8 %5 = alloca %struct.key.247526*, align 8 %6 = alloca %struct.key.247526*, align 8 %7 = bitcast %struct.keyring_search_context.247922* %4 to i8* %8 = bitcast %struct.key.247526** %5 to i8* %9 = bitcast %struct.key.247526** %6 to i8* %10 = call %struct.task_struct.247801* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247801** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247801**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.247801, %struct.task_struct.247801* %10, i64 0, i32 78 %12 = getelementptr inbounds %struct.keyring_search_context.247922, %struct.keyring_search_context.247922* %4, i64 0, i32 1 %13 = and i64 %1, 1 %14 = icmp eq i64 %13, 0 br label %15 %16 = load %struct.cred.247614*, %struct.cred.247614** %11, align 64 %17 = icmp eq %struct.cred.247614* %16, null br i1 %17, label %22, label %18 store %struct.cred.247614* %16, %struct.cred.247614** %12, align 8 switch i32 %0, label %254 [ i32 -1, label %23 i32 -2, label %73 i32 -3, label %123 i32 -4, label %176 i32 -5, label %184 i32 -6, label %346 i32 -7, label %192 i32 -8, label %212 ] %124 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %16, i64 0, i32 16 %125 = load %struct.key.247526*, %struct.key.247526** %124, align 8 %126 = icmp eq %struct.key.247526* %125, null br i1 %126, label %127, label %150 %151 = getelementptr inbounds %struct.key.247526, %struct.key.247526* %125, i64 0, i32 14 %152 = load volatile i64, i64* %151, align 8 %153 = and i64 %152, 512 %154 = icmp eq i64 %153, 0 %155 = or i1 %14, %154 br i1 %155, label %160, label %156 %157 = call i64 @join_session_keyring(i8* null) #70 %158 = trunc i64 %157 to i32 %159 = icmp slt i32 %158, 0 br i1 %159, label %343, label %364 %365 = load %struct.cred.247614*, %struct.cred.247614** %12, align 8 %366 = icmp eq %struct.cred.247614* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.247614*)*)(%struct.cred.247614* nonnull %365) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 lookup_user_key 3 keyctl_update_key 4 __se_sys_keyctl 5 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 Function:lookup_user_key %4 = alloca %struct.keyring_search_context.247922, align 8 %5 = alloca %struct.key.247526*, align 8 %6 = alloca %struct.key.247526*, align 8 %7 = bitcast %struct.keyring_search_context.247922* %4 to i8* %8 = bitcast %struct.key.247526** %5 to i8* %9 = bitcast %struct.key.247526** %6 to i8* %10 = call %struct.task_struct.247801* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247801** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247801**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.247801, %struct.task_struct.247801* %10, i64 0, i32 78 %12 = getelementptr inbounds %struct.keyring_search_context.247922, %struct.keyring_search_context.247922* %4, i64 0, i32 1 %13 = and i64 %1, 1 %14 = icmp eq i64 %13, 0 br label %15 %16 = load %struct.cred.247614*, %struct.cred.247614** %11, align 64 %17 = icmp eq %struct.cred.247614* %16, null br i1 %17, label %22, label %18 store %struct.cred.247614* %16, %struct.cred.247614** %12, align 8 switch i32 %0, label %254 [ i32 -1, label %23 i32 -2, label %73 i32 -3, label %123 i32 -4, label %176 i32 -5, label %184 i32 -6, label %346 i32 -7, label %192 i32 -8, label %212 ] %124 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %16, i64 0, i32 16 %125 = load %struct.key.247526*, %struct.key.247526** %124, align 8 %126 = icmp eq %struct.key.247526* %125, null br i1 %126, label %127, label %150 %151 = getelementptr inbounds %struct.key.247526, %struct.key.247526* %125, i64 0, i32 14 %152 = load volatile i64, i64* %151, align 8 %153 = and i64 %152, 512 %154 = icmp eq i64 %153, 0 %155 = or i1 %14, %154 br i1 %155, label %160, label %156 %157 = call i64 @join_session_keyring(i8* null) #70 %158 = trunc i64 %157 to i32 %159 = icmp slt i32 %158, 0 br i1 %159, label %343, label %364 %365 = load %struct.cred.247614*, %struct.cred.247614** %12, align 8 %366 = icmp eq %struct.cred.247614* %365, null br i1 %366, label %367, label %368 %369 = getelementptr inbounds %struct.cred.247614, %struct.cred.247614* %365, i64 0, i32 0, i32 0 %370 = call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %369, i32* %369) #6, !srcloc !13 %371 = and i8 %370, 1 %372 = icmp eq i8 %371, 0 br i1 %372, label %367, label %373 call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.247614*)*)(%struct.cred.247614* nonnull %365) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_cred_rcu 1 __put_cred 2 put_fs_context 3 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context.138693** %5 = load %struct.fs_context.138693*, %struct.fs_context.138693** %4, align 8 %6 = icmp eq %struct.fs_context.138693* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.143997*)* @put_fs_context to void (%struct.fs_context.138693*)*)(%struct.fs_context.138693* nonnull %5) #69 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 5 %3 = load %struct.dentry.143994*, %struct.dentry.143994** %2, align 8 %4 = icmp eq %struct.dentry.143994* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.143593*, %struct.fs_context_operations.143593** %15, align 8 %17 = icmp eq %struct.fs_context_operations.143593* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.143593, %struct.fs_context_operations.143593* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.143997*)*, void (%struct.fs_context.143997*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.143997*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #69 %25 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 7 %26 = load %struct.net.49803*, %struct.net.49803** %25, align 8 %27 = getelementptr inbounds %struct.net.49803, %struct.net.49803* %26, i64 0, i32 1 %28 = getelementptr inbounds %union.anon.21, %union.anon.21* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 %32 = add i32 %29, -1 %33 = or i32 %32, %29 %34 = icmp sgt i32 %33, -1 br i1 %34, label %37, label %35, !prof !5, !misexpect !6 %38 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 8 %39 = load %struct.cred.49835*, %struct.cred.49835** %38, align 8 %40 = icmp eq %struct.cred.49835* %39, null br i1 %40, label %47, label %41 %42 = getelementptr inbounds %struct.cred.49835, %struct.cred.49835* %39, i64 0, i32 0, i32 0 %43 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %42, i32* %42) #6, !srcloc !8 %44 = and i8 %43, 1 %45 = icmp eq i8 %44, 0 br i1 %45, label %47, label %46 tail call void bitcast (void (%struct.cred*)* @__put_cred to void (%struct.cred.49835*)*)(%struct.cred.49835* nonnull %39) #69 Function:__put_cred %2 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 0, i32 0 %3 = load volatile i32, i32* %2, align 4 %4 = icmp eq i32 %3, 0 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp eq %struct.cred* %9, %0 br i1 %10, label %11, label %12, !prof !9, !misexpect !5 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 77 %14 = load %struct.cred*, %struct.cred** %13, align 8 %15 = icmp eq %struct.cred* %14, %0 br i1 %15, label %16, label %17, !prof !9, !misexpect !5 %18 = getelementptr inbounds %struct.cred, %struct.cred* %0, i64 0, i32 24 %19 = bitcast %union.anon.49* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = icmp eq i32 %20, 0 %22 = getelementptr %union.anon.49, %union.anon.49* %18, i64 0, i32 0 br i1 %21, label %24, label %23 tail call void @put_cred_rcu(%struct.callback_head* %22) #69 Function:put_cred_rcu %2 = getelementptr %struct.callback_head, %struct.callback_head* %0, i64 -10, i32 1 %3 = bitcast void (%struct.callback_head*)** %2 to i32* %4 = load volatile i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 br i1 %5, label %8, label %6 %7 = load volatile i32, i32* %3, align 4 tail call void (i8*, ...) @panic(i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.2.6425, i64 0, i64 0), void (%struct.callback_head*)** %2, i32 %7) #69 ------------- Good: 1055 Bad: 43 Ignored: 875 Check Use of Function:n_null_close Check Use of Function:serport_ldisc_open Check Use of Function:n_null_open Check Use of Function:tty_buffer_restart_work Check Use of Function:ip6_route_del Check Use of Function:loop_info64_to_compat Check Use of Function:cn_netlink_send Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __se_sys_prctl 2 __ia32_sys_prctl ------------- Path:  Function:__ia32_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_prctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_prctl %6 = alloca [46 x i64], align 16 %7 = alloca [16 x i8], align 16 %8 = trunc i64 %0 to i32 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 0 %11 = tail call i32 @security_task_prctl(i32 %8, i64 %1, i64 %2, i64 %3, i64 %4) #69 %12 = icmp eq i32 %11, -38 br i1 %12, label %15, label %13 switch i32 %8, label %458 [ i32 1, label %16 i32 2, label %21 i32 3, label %27 i32 4, label %33 i32 56, label %453 i32 55, label %449 i32 54, label %445 i32 53, label %439 i32 52, label %432 i32 44, label %460 i32 13, label %39 i32 14, label %40 i32 15, label %43 i32 16, label %49 i32 43, label %460 i32 41, label %411 i32 21, label %54 i32 22, label %56 i32 25, label %59 i32 26, label %62 i32 31, label %66 i32 32, label %69 i32 30, label %72 i32 29, label %75 i32 33, label %83 i32 34, label %103 i32 35, label %117 i32 42, label %399 i32 36, label %361 i32 37, label %371 i32 38, label %381 i32 39, label %390 ] %44 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 15 store i8 0, i8* %44, align 1 %45 = inttoptr i64 %1 to i8* %46 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %45, i64 15) #69 %47 = icmp slt i64 %46, 0 br i1 %47, label %460, label %48 call void @__set_task_comm(%struct.task_struct.43108* %9, i8* nonnull %10, i1 zeroext false) #69 call void bitcast (void (%struct.task_struct.507922*)* @proc_comm_connector to void (%struct.task_struct.43108*)*)(%struct.task_struct.43108* %9) #69 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %40, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 48 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 49 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct.43108*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.507922*)*)(i8* %23, i64 16, %struct.task_struct.507922* %0) #69 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %34 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %35 = bitcast i8* %34 to i32* store i32 %33, i32* %35, align 4 %36 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %37 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %38 = bitcast i8* %37 to i32* store i32 %36, i32* %38, align 4 %39 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_comm_connector 1 __se_sys_prctl 2 __x64_sys_prctl ------------- Path:  Function:__x64_sys_prctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_prctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_prctl %6 = alloca [46 x i64], align 16 %7 = alloca [16 x i8], align 16 %8 = trunc i64 %0 to i32 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 0 %11 = tail call i32 @security_task_prctl(i32 %8, i64 %1, i64 %2, i64 %3, i64 %4) #69 %12 = icmp eq i32 %11, -38 br i1 %12, label %15, label %13 switch i32 %8, label %458 [ i32 1, label %16 i32 2, label %21 i32 3, label %27 i32 4, label %33 i32 56, label %453 i32 55, label %449 i32 54, label %445 i32 53, label %439 i32 52, label %432 i32 44, label %460 i32 13, label %39 i32 14, label %40 i32 15, label %43 i32 16, label %49 i32 43, label %460 i32 41, label %411 i32 21, label %54 i32 22, label %56 i32 25, label %59 i32 26, label %62 i32 31, label %66 i32 32, label %69 i32 30, label %72 i32 29, label %75 i32 33, label %83 i32 34, label %103 i32 35, label %117 i32 42, label %399 i32 36, label %361 i32 37, label %371 i32 38, label %381 i32 39, label %390 ] %44 = getelementptr inbounds [16 x i8], [16 x i8]* %7, i64 0, i64 15 store i8 0, i8* %44, align 1 %45 = inttoptr i64 %1 to i8* %46 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %45, i64 15) #69 %47 = icmp slt i64 %46, 0 br i1 %47, label %460, label %48 call void @__set_task_comm(%struct.task_struct.43108* %9, i8* nonnull %10, i1 zeroext false) #69 call void bitcast (void (%struct.task_struct.507922*)* @proc_comm_connector to void (%struct.task_struct.43108*)*)(%struct.task_struct.43108* %9) #69 Function:proc_comm_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %40, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 512, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 48 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 49 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %24 = call i8* bitcast (i8* (i8*, i64, %struct.task_struct.43108*)* @__get_task_comm to i8* (i8*, i64, %struct.task_struct.507922*)*)(i8* %23, i64 16, %struct.task_struct.507922* %0) #69 %25 = bitcast i8* %7 to i64* %26 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %26, i64* %25, align 4 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %28 = bitcast i8* %27 to i32* store i32 0, i32* %28, align 8 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %30 = bitcast i8* %29 to i16* store i16 40, i16* %30, align 4 %31 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %32 = bitcast i8* %31 to i16* store i16 0, i16* %32, align 2 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %34 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %35 = bitcast i8* %34 to i32* store i32 %33, i32* %35, align 4 %36 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %37 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %38 = bitcast i8* %37 to i32* store i32 %36, i32* %38, align 4 %39 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_sid_connector 1 ksys_setsid 2 __x64_sys_setsid ------------- Path:  Function:__x64_sys_setsid %2 = tail call i32 @ksys_setsid() #69 Function:ksys_setsid %1 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 55 %3 = load %struct.task_struct.43108*, %struct.task_struct.43108** %2, align 8 %4 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %3, i64 0, i32 58 %5 = load %struct.pid.42861*, %struct.pid.42861** %4, align 64 %6 = tail call i32 bitcast (i32 (%struct.pid.49683*)* @pid_vnr to i32 (%struct.pid.42861*)*)(%struct.pid.42861* %5) #69 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %3, i64 0, i32 87 %8 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %7, align 8 %9 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %8, i64 0, i32 23 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %33 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @pid_task to %struct.task_struct.43108* (%struct.pid.42861*, i32)*)(%struct.pid.42861* %5, i32 2) #69 %14 = icmp eq %struct.task_struct.43108* %13, null br i1 %14, label %15, label %33 %34 = phi i32 [ -1, %0 ], [ -1, %12 ], [ %6, %32 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.rwlock_t* @tasklist_lock to i8*), align 4 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %35 = icmp sgt i32 %34, 0 br i1 %35, label %36, label %37 tail call void bitcast (void (%struct.task_struct.507922*)* @proc_sid_connector to void (%struct.task_struct.43108*)*)(%struct.task_struct.43108* %3) #69 Function:proc_sid_connector %2 = alloca [64 x i8], align 8 %3 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 0 %4 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @proc_event_num_listeners, i64 0, i32 0), align 4 %5 = icmp slt i32 %4, 1 br i1 %5, label %38, label %6 %7 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 4 %8 = bitcast i8* %7 to %struct.cn_msg* %9 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 24 %10 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 40 %11 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 48 %12 = tail call i64 @ktime_get() #69 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 32 %14 = bitcast i8* %13 to i64* store i64 %12, i64* %14, align 8 %15 = bitcast i8* %9 to i32* store i32 128, i32* %15, align 8 %16 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 48 %17 = load i32, i32* %16, align 8 %18 = bitcast i8* %10 to i32* store i32 %17, i32* %18, align 8 %19 = getelementptr inbounds %struct.task_struct.507922, %struct.task_struct.507922* %0, i64 0, i32 49 %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 44 %22 = bitcast i8* %21 to i32* store i32 %20, i32* %22, align 4 %23 = bitcast i8* %7 to i64* %24 = load i64, i64* bitcast (%struct.util_est* @cn_proc_event_id to i64*), align 8 store i64 %24, i64* %23, align 4 %25 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 16 %26 = bitcast i8* %25 to i32* store i32 0, i32* %26, align 8 %27 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 20 %28 = bitcast i8* %27 to i16* store i16 40, i16* %28, align 4 %29 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 22 %30 = bitcast i8* %29 to i16* store i16 0, i16* %30, align 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = tail call i32 asm "xaddl $0, %gs:$1", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull @proc_event_counts, i32 1, i32* nonnull @proc_event_counts) #6, !srcloc !5 %32 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 12 %33 = bitcast i8* %32 to i32* store i32 %31, i32* %33, align 4 %34 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 %35 = getelementptr inbounds [64 x i8], [64 x i8]* %2, i64 0, i64 28 %36 = bitcast i8* %35 to i32* store i32 %34, i32* %36, align 4 %37 = call i32 @cn_netlink_send(%struct.cn_msg* %8, i32 0, i32 1, i32 2048) #69 ------------- Good: 38 Bad: 3 Ignored: 40 Check Use of Function:llist_add_batch Use: =BAD PATH= Call Stack: 0 __put_net 1 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %5 = getelementptr inbounds %struct.path.168368, %struct.path.168368* %0, i64 0, i32 1 %6 = load %struct.dentry.168366*, %struct.dentry.168366** %5, align 8 %7 = getelementptr inbounds %struct.dentry.168366, %struct.dentry.168366* %6, i64 0, i32 5 %8 = load %struct.inode.168362*, %struct.inode.168362** %7, align 8 %9 = tail call fastcc %struct.net.168292* @get_proc_task_net(%struct.inode.168362* %8) #69 tail call void bitcast (void (%struct.inode.112777*, %struct.kstat*)* @generic_fillattr to void (%struct.inode.168362*, %struct.kstat*)*)(%struct.inode.168362* %8, %struct.kstat* %1) #70 %10 = icmp eq %struct.net.168292* %9, null br i1 %10, label %27, label %11 %12 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %9, i64 0, i32 17 %13 = load %struct.proc_dir_entry.168189*, %struct.proc_dir_entry.168189** %12, align 32 %14 = getelementptr inbounds %struct.proc_dir_entry.168189, %struct.proc_dir_entry.168189* %13, i64 0, i32 13 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.kstat, %struct.kstat* %1, i64 0, i32 2 store i32 %15, i32* %16, align 8 %17 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %9, i64 0, i32 1 %18 = getelementptr inbounds %union.anon.21, %union.anon.21* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* nonnull %9) #70 Function:__put_net %2 = getelementptr inbounds %struct.net.651059, %struct.net.651059* %0, i64 0, i32 10 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.58463) #69 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file.168371, %struct.file.168371* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.168058** %5 = load %struct.seq_file.168058*, %struct.seq_file.168058** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.168058, %struct.seq_file.168058* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.net.168292** %8 = load %struct.net.168292*, %struct.net.168292** %7, align 8 %9 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %8, i64 0, i32 1 %10 = getelementptr inbounds %union.anon.21, %union.anon.21* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* %8) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.651059, %struct.net.651059* %0, i64 0, i32 10 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.58463) #69 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 put_fs_context 2 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context.138693** %5 = load %struct.fs_context.138693*, %struct.fs_context.138693** %4, align 8 %6 = icmp eq %struct.fs_context.138693* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.143997*)* @put_fs_context to void (%struct.fs_context.138693*)*)(%struct.fs_context.138693* nonnull %5) #69 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 5 %3 = load %struct.dentry.143994*, %struct.dentry.143994** %2, align 8 %4 = icmp eq %struct.dentry.143994* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.143593*, %struct.fs_context_operations.143593** %15, align 8 %17 = icmp eq %struct.fs_context_operations.143593* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.143593, %struct.fs_context_operations.143593* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.143997*)*, void (%struct.fs_context.143997*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.143997*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #69 %25 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 7 %26 = load %struct.net.49803*, %struct.net.49803** %25, align 8 %27 = getelementptr inbounds %struct.net.49803, %struct.net.49803* %26, i64 0, i32 1 %28 = getelementptr inbounds %union.anon.21, %union.anon.21* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.49803*)*)(%struct.net.49803* %26) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.651059, %struct.net.651059* %0, i64 0, i32 10 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.58463) #69 ------------- Use: =BAD PATH= Call Stack: 0 __put_net 1 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file.168371, %struct.file.168371* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.168058** %5 = load %struct.seq_file.168058*, %struct.seq_file.168058** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.168058, %struct.seq_file.168058* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.seq_net_private** %8 = load %struct.seq_net_private*, %struct.seq_net_private** %7, align 8 %9 = getelementptr inbounds %struct.seq_net_private, %struct.seq_net_private* %8, i64 0, i32 0 %10 = load %struct.net.168292*, %struct.net.168292** %9, align 8 %11 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %10, i64 0, i32 1 %12 = getelementptr inbounds %union.anon.21, %union.anon.21* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* %10) #69 Function:__put_net %2 = getelementptr inbounds %struct.net.651059, %struct.net.651059* %0, i64 0, i32 10 %3 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %2, %struct.llist_node* %2, %struct.llist_node* nonnull @cleanup_list.58463) #69 ------------- Use: =BAD PATH= Call Stack: 0 netns_put ------------- Path:  Function:netns_put %2 = getelementptr %struct.ns_common.650973, %struct.ns_common.650973* %0, i64 -5 %3 = bitcast %struct.ns_common.650973* %2 to %struct.net.651059* %4 = getelementptr inbounds %struct.net.651059, %struct.net.651059* %3, i64 0, i32 1 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !4 %7 = icmp eq i32 %6, 1 br i1 %7, label %13, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %14 = getelementptr %struct.ns_common.650973, %struct.ns_common.650973* %0, i64 -3, i32 2 %15 = bitcast i32* %14 to %struct.llist_node* %16 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %15, %struct.llist_node* %15, %struct.llist_node* nonnull @cleanup_list.58463) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_context_release 1 i915_gem_context_getparam_ioctl ------------- Path:  Function:i915_gem_context_getparam_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %6 = getelementptr inbounds %struct.drm_file.387874, %struct.drm_file.387874* %2, i64 0, i32 17 %7 = bitcast i8** %6 to %struct.drm_i915_file_private.388029** %8 = load %struct.drm_i915_file_private.388029*, %struct.drm_i915_file_private.388029** %7, align 8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_i915_file_private.388029, %struct.drm_i915_file_private.388029* %8, i64 0, i32 3 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #69 %14 = bitcast i8* %13 to %struct.i915_gem_context.388115* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = getelementptr inbounds i8, i8* %13, i64 112 %18 = bitcast i8* %17 to %union.anon.21* %19 = bitcast i8* %17 to i32* %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %16 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !5 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !6, !misexpect !7 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %16 ], [ %23, %22 ], [ 0, %29 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* %18, i32 0) #69 br label %38 %39 = icmp eq i32 %33, 0 br i1 %39, label %40, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 switch i64 %44, label %450 [ i64 2, label %45 i64 3, label %54 i64 4, label %81 i64 5, label %91 i64 8, label %101 i64 6, label %111 i64 7, label %121 i64 9, label %211 i64 10, label %273 ] %274 = bitcast i32* %4 to %struct.nlattr* %275 = getelementptr inbounds i8, i8* %13, i64 24 %276 = bitcast i8* %275 to %struct.mutex* %277 = tail call i32 @mutex_lock_interruptible(%struct.mutex* %276) #69 %278 = icmp eq i32 %277, 0 br i1 %278, label %279, label %450 %280 = getelementptr inbounds i8, i8* %13, i64 144 %281 = bitcast i8* %280 to i64* %282 = load volatile i64, i64* %281, align 8 %283 = and i64 %282, 8 %284 = icmp eq i64 %283, 0 br i1 %284, label %338, label %285 %286 = getelementptr inbounds i8, i8* %13, i64 16 %287 = bitcast i8* %286 to %struct.i915_gem_engines.388114** %288 = load %struct.i915_gem_engines.388114*, %struct.i915_gem_engines.388114** %287, align 8 %289 = getelementptr inbounds %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %288, i64 0, i32 1 %290 = load i32, i32* %289, align 8 %291 = zext i32 %290 to i64 %292 = shl nuw nsw i64 %291, 3 %293 = add nuw nsw i64 %292, 24 %294 = tail call noalias align 8 i8* @__kmalloc(i64 %293, i32 3264) #69 %295 = icmp eq i8* %294, null br i1 %295, label %335, label %296 %297 = load i32, i32* %289, align 8 %298 = icmp eq i32 %297, 0 br i1 %298, label %331, label %299 %300 = getelementptr inbounds i8, i8* %294, i64 24 %301 = bitcast i8* %300 to [0 x %struct.intel_context.388113*]* br label %302 %303 = phi i32 [ %297, %299 ], [ %325, %324 ] %304 = phi i64 [ 0, %299 ], [ %326, %324 ] %305 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %288, i64 0, i32 2, i64 %304 %306 = load %struct.intel_context.388113*, %struct.intel_context.388113** %305, align 8 %307 = icmp eq %struct.intel_context.388113* %306, null br i1 %307, label %322, label %308 %323 = getelementptr [0 x %struct.intel_context.388113*], [0 x %struct.intel_context.388113*]* %301, i64 0, i64 %304 store %struct.intel_context.388113* null, %struct.intel_context.388113** %323, align 8 br label %324 %325 = phi i32 [ %321, %319 ], [ %303, %322 ] %326 = add nuw nsw i64 %304, 1 %327 = zext i32 %325 to i64 %328 = icmp ult i64 %326, %327 br i1 %328, label %302, label %329 %330 = trunc i64 %326 to i32 br label %331 %332 = phi i32 [ 0, %296 ], [ %330, %329 ] %333 = getelementptr inbounds i8, i8* %294, i64 16 %334 = bitcast i8* %333 to i32* store i32 %332, i32* %334, align 8 br label %335 %336 = phi i8* [ %294, %331 ], [ inttoptr (i64 -12 to i8*), %285 ] %337 = bitcast i8* %336 to %struct.i915_gem_engines.388114* br label %338 %339 = phi %struct.i915_gem_engines.388114* [ %337, %335 ], [ null, %279 ] tail call void @mutex_unlock(%struct.mutex* %276) #69 %340 = bitcast %struct.i915_gem_engines.388114* %339 to i8* %341 = icmp eq %struct.i915_gem_engines.388114* %339, null %342 = icmp ugt %struct.i915_gem_engines.388114* %339, inttoptr (i64 -4096 to %struct.i915_gem_engines.388114*) %343 = or i1 %341, %342 br i1 %343, label %344, label %350 %351 = getelementptr inbounds %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 1 %352 = load i32, i32* %351, align 8 %353 = zext i32 %352 to i64 %354 = shl nuw nsw i64 %353, 2 %355 = add nuw nsw i64 %354, 8 %356 = icmp ult i32 %352, 1073741822 br i1 %356, label %357, label %418 %358 = getelementptr inbounds i8, i8* %1, i64 4 %359 = bitcast i8* %358 to i32* %360 = load i32, i32* %359, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %364 %365 = zext i32 %360 to i64 %366 = icmp ugt i64 %355, %365 br i1 %366, label %412, label %367 %368 = getelementptr inbounds i8, i8* %1, i64 16 %369 = bitcast i8* %368 to %struct.i915_context_param_engines** %370 = load %struct.i915_context_param_engines*, %struct.i915_context_param_engines** %369, align 8 %371 = tail call %struct.task_struct.379408* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.379408** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.379408**)) #10, !srcloc !13 %372 = getelementptr inbounds %struct.task_struct.379408, %struct.task_struct.379408* %371, i64 0, i32 163, i32 17, i32 0 %373 = load i64, i64* %372, align 8 %374 = ptrtoint %struct.i915_context_param_engines* %370 to i64 %375 = add i64 %355, %374 %376 = icmp ult i64 %375, %355 %377 = icmp ugt i64 %375, %373 %378 = or i1 %376, %377 br i1 %378, label %412, label %379, !prof !6, !misexpect !14 %380 = getelementptr inbounds %struct.i915_context_param_engines, %struct.i915_context_param_engines* %370, i64 0, i32 0 %381 = tail call i64 asm sideeffect "call __put_user_8", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i64 0, i64* %380) #6, !srcloc !15 %382 = and i64 %381, 4294967295 %383 = icmp eq i64 %382, 0 br i1 %383, label %384, label %412, !prof !8, !misexpect !7 %385 = icmp eq i32 %352, 0 br i1 %385, label %410, label %386 %387 = bitcast i32* %4 to i8* %388 = bitcast i32* %4 to i16* %389 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %274, i64 0, i32 1 br label %392 %393 = phi i64 [ 0, %386 ], [ %409, %390 ] store i32 -1, i32* %4, align 4 %394 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 2, i64 %393 %395 = load %struct.intel_context.388113*, %struct.intel_context.388113** %394, align 8 %396 = icmp eq %struct.intel_context.388113* %395, null br i1 %396, label %404, label %397 %398 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %395, i64 0, i32 1 %399 = load %struct.intel_engine_cs.388112*, %struct.intel_engine_cs.388112** %398, align 8 %400 = getelementptr inbounds %struct.intel_engine_cs.388112, %struct.intel_engine_cs.388112* %399, i64 0, i32 11 %401 = load i16, i16* %400, align 4 store i16 %401, i16* %388, align 4 %402 = getelementptr inbounds %struct.intel_engine_cs.388112, %struct.intel_engine_cs.388112* %399, i64 0, i32 12 %403 = load i16, i16* %402, align 2 store i16 %403, i16* %389, align 2 br label %404 %405 = getelementptr %struct.i915_context_param_engines, %struct.i915_context_param_engines* %370, i64 0, i32 1, i64 %393 %406 = bitcast %struct.nlattr* %405 to i8* %407 = call i64 @_copy_to_user(i8* %406, i8* nonnull %387, i64 4) #69 %408 = icmp eq i64 %407, 0 %409 = add nuw nsw i64 %393, 1 br i1 %408, label %390, label %412 %413 = phi i32 [ 0, %410 ], [ 0, %362 ], [ -22, %364 ], [ -14, %367 ], [ -14, %379 ], [ -14, %404 ] %414 = load i32, i32* %351, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %448, label %416 %417 = zext i32 %414 to i64 br label %418 %419 = phi i64 [ %417, %416 ], [ %353, %350 ] %420 = phi i32 [ %413, %416 ], [ -22, %350 ] br label %421 %422 = phi i64 [ %419, %418 ], [ %447, %445 ] %423 = trunc i64 %422 to i32 %424 = add i32 %423, -1 %425 = zext i32 %424 to i64 %426 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 2, i64 %425 %427 = load %struct.intel_context.388113*, %struct.intel_context.388113** %426, align 8 %428 = icmp eq %struct.intel_context.388113* %427, null br i1 %428, label %445, label %429 %430 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 17 %431 = load %struct.intel_context_ops.388103*, %struct.intel_context_ops.388103** %430, align 8 %432 = getelementptr inbounds %struct.intel_context_ops.388103, %struct.intel_context_ops.388103* %431, i64 0, i32 6 %433 = load void (%struct.qspinlock*)*, void (%struct.qspinlock*)** %432, align 8 %434 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0, i32 0 %435 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0, i32 0, i32 0, i32 0 %436 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %435, i32 -1, i32* %435) #6, !srcloc !10 %437 = icmp eq i32 %436, 1 br i1 %437, label %443, label %438 %444 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void %433(%struct.qspinlock* %444) #69 br label %445 %446 = icmp eq i32 %424, 0 %447 = add nsw i64 %422, -1 br i1 %446, label %448, label %421 %449 = phi i32 [ %413, %412 ], [ %420, %445 ] call void @kfree(i8* %340) #69 br label %450 %451 = phi i32 [ %210, %209 ], [ 0, %111 ], [ 0, %101 ], [ 0, %91 ], [ 0, %81 ], [ 0, %61 ], [ 0, %71 ], [ 0, %76 ], [ 0, %45 ], [ -22, %41 ], [ -19, %211 ], [ %220, %216 ], [ %263, %266 ], [ %263, %270 ], [ %263, %271 ], [ %349, %344 ], [ %449, %448 ], [ %277, %273 ] %452 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !10 %453 = icmp eq i32 %452, 1 br i1 %453, label %459, label %454 %460 = bitcast i8* %17 to %struct.qspinlock* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @i915_gem_context_release(%struct.qspinlock* %460) #69 Function:i915_gem_context_release %2 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -28 %3 = bitcast %struct.qspinlock* %2 to %struct.i915_gem_context.388115* %4 = bitcast %struct.qspinlock* %2 to %struct.drm_i915_private.388303** %5 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_context_free to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@i915_gem_context_release, %6)) #6 to label %28 [label %6], !srcloc !4 %29 = getelementptr %struct.qspinlock, %struct.qspinlock* %0, i64 -2 %30 = bitcast %struct.qspinlock* %29 to %struct.llist_node* %31 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 97, i32 2 %32 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %30, %struct.llist_node* %30, %struct.llist_node* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_compat_sys_waitid 9 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_sys_waitid 9 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_sys_waitid 9 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 ttwu_queue_remote 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %257 = phi i32 [ %255, %253 ], [ %229, %249 ], [ %229, %245 ] %258 = load volatile i32, i32* %92, align 4 %259 = icmp eq i32 %258, %257 br i1 %259, label %262, label %260 %263 = phi i32 [ %261, %260 ], [ %2, %256 ] %264 = sext i32 %257 to i64 %265 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %264 %266 = load i64, i64* %265, align 8 %267 = add i64 %266, ptrtoint (%struct.rq* @runqueues to i64) %268 = inttoptr i64 %267 to %struct.rq* %269 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !26 %270 = icmp eq i32 %269, %257 br i1 %270, label %284, label %271 %272 = sext i32 %269 to i64 %273 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %272 %274 = load i64, i64* %273, align 8 %275 = add i64 %274, ptrtoint (i32* @sd_llc_id to i64) %276 = inttoptr i64 %275 to i32* %277 = load i32, i32* %276, align 4 %278 = add i64 %266, ptrtoint (i32* @sd_llc_id to i64) %279 = inttoptr i64 %278 to i32* %280 = load i32, i32* %279, align 4 %281 = icmp eq i32 %277, %280 br i1 %281, label %284, label %282 %283 = tail call i64 @sched_clock_cpu(i32 %257) #69 tail call fastcc void @ttwu_queue_remote(%struct.task_struct.54204* %0, i32 %257, i32 %263) #69 Function:ttwu_queue_remote %4 = sext i32 %1 to i64 %5 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %4 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %8 = load i8, i8* %7, align 4 %9 = trunc i32 %2 to i8 %10 = shl i8 %9, 1 %11 = and i8 %10, 8 %12 = and i8 %8, -9 %13 = or i8 %12, %11 store i8 %13, i8* %7, align 4 %14 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 6 %15 = load i64, i64* %5, align 8 %16 = add i64 %15, ptrtoint (%struct.rq* @runqueues to i64) %17 = inttoptr i64 %16 to %struct.rq* %18 = getelementptr inbounds %struct.rq, %struct.rq* %17, i64 0, i32 62 %19 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %14, %struct.llist_node* %14, %struct.llist_node* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %48 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %48, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #69 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %48 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #69 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.anon.152.194650, align 8 %4 = bitcast %struct.anon.152.194650* %3 to i8* %5 = getelementptr inbounds %struct.anon.152.194650, %struct.anon.152.194650* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.anon.152.194650, %struct.anon.152.194650* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsr_safe_regs_on_cpu 3 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %48 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %48, label %16 %17 = inttoptr i64 %2 to i8* %18 = call i64 @_copy_from_user(i8* nonnull %5, i8* %17, i64 32) #69 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %48 %21 = getelementptr inbounds [8 x i32], [8 x i32]* %4, i64 0, i64 0 %22 = call i32 @rdmsr_safe_regs_on_cpu(i32 %10, i32* nonnull %21) #69 Function:rdmsr_safe_regs_on_cpu %3 = alloca %struct.anon.152.194650, align 8 %4 = bitcast %struct.anon.152.194650* %3 to i8* %5 = getelementptr inbounds %struct.anon.152.194650, %struct.anon.152.194650* %3, i64 0, i32 0 store i32* %1, i32** %5, align 8 %6 = getelementptr inbounds %struct.anon.152.194650, %struct.anon.152.194650* %3, i64 0, i32 1 store i32 -5, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_safe_regs_on_cpu, i8* nonnull %4, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_store ------------- Path:  Function:energy_perf_bias_store %5 = alloca i64, align 8 %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 28 %8 = load i32, i32* %7, align 8 %9 = bitcast i64* %5 to i8* %10 = bitcast i64* %6 to i8* %11 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([5 x i8*], [5 x i8*]* @energy_perf_strings, i64 0, i64 0), i64 5, i8* %2) #69 %12 = icmp sgt i32 %11, -1 br i1 %12, label %13, label %18 %19 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %6) #69 %20 = icmp ne i32 %19, 0 %21 = load i64, i64* %6, align 8 %22 = icmp ugt i64 %21, 15 %23 = or i1 %20, %22 br i1 %23, label %38, label %24 %25 = call i32 @rdmsrl_on_cpu(i32 %8, i32 432, i64* nonnull %5) #69 Function:rdmsrl_on_cpu %4 = alloca %struct.msr_info, align 8 %5 = bitcast %struct.msr_info* %4 to i8* %6 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %4, i64 0, i32 0 store i32 %1, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_on_cpu, i8* nonnull %5, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 rdmsrl_on_cpu 3 energy_perf_bias_show ------------- Path:  Function:energy_perf_bias_show %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.device, %struct.device* %0, i64 0, i32 28 %6 = load i32, i32* %5, align 8 %7 = bitcast i64* %4 to i8* %8 = call i32 @rdmsrl_on_cpu(i32 %6, i32 432, i64* nonnull %4) #69 Function:rdmsrl_on_cpu %4 = alloca %struct.msr_info, align 8 %5 = bitcast %struct.msr_info* %4 to i8* %6 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %4, i64 0, i32 0 store i32 %1, i32* %6, align 8 %7 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__rdmsr_on_cpu, i8* nonnull %5, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 init_debug_store_on_cpu 4 intel_pmu_cpu_starting ------------- Path:  Function:intel_pmu_cpu_starting %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events.5952* %7 = add i64 %4, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %8 = inttoptr i64 %7 to %struct.cpuinfo_x86* %9 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %8, i64 0, i32 27 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i32 tail call void @init_debug_store_on_cpu(i32 %0) #69 Function:init_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %16, label %10 %11 = ptrtoint %struct.debug_store* %8 to i64 %12 = trunc i64 %11 to i32 %13 = lshr i64 %11, 32 %14 = trunc i64 %13 to i32 %15 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 %12, i32 %14) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 init_debug_store_on_cpu 4 intel_pmu_cpu_starting ------------- Path:  Function:intel_pmu_cpu_starting %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events.5952* %7 = add i64 %4, ptrtoint (%struct.cpuinfo_x86* @cpu_info to i64) %8 = inttoptr i64 %7 to %struct.cpuinfo_x86* %9 = getelementptr inbounds %struct.cpuinfo_x86, %struct.cpuinfo_x86* %8, i64 0, i32 27 %10 = load i16, i16* %9, align 2 %11 = zext i16 %10 to i32 tail call void @init_debug_store_on_cpu(i32 %0) #69 Function:init_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %16, label %10 %11 = ptrtoint %struct.debug_store* %8 to i64 %12 = trunc i64 %11 to i32 %13 = lshr i64 %11, 32 %14 = trunc i64 %13 to i32 %15 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 %12, i32 %14) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 fini_debug_store_on_cpu 4 intel_pmu_cpu_dying ------------- Path:  Function:intel_pmu_cpu_dying tail call void @fini_debug_store_on_cpu(i32 %0) #69 Function:fini_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %12, label %10 %11 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 0, i32 0) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_on_cpu 3 fini_debug_store_on_cpu 4 intel_pmu_cpu_dying ------------- Path:  Function:intel_pmu_cpu_dying tail call void @fini_debug_store_on_cpu(i32 %0) #69 Function:fini_debug_store_on_cpu %2 = sext i32 %0 to i64 %3 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %2 %4 = load i64, i64* %3, align 8 %5 = add i64 %4, ptrtoint (%struct.cpu_hw_events* @cpu_hw_events to i64) %6 = inttoptr i64 %5 to %struct.cpu_hw_events* %7 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %6, i64 0, i32 14 %8 = load %struct.debug_store*, %struct.debug_store** %7, align 8 %9 = icmp eq %struct.debug_store* %8, null br i1 %9, label %12, label %10 %11 = tail call i32 @wrmsr_on_cpu(i32 %0, i32 1536, i32 0, i32 0) #69 Function:wrmsr_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 wrmsr_safe_on_cpu 3 msr_write.25797 ------------- Path:  Function:msr_write.25797 %5 = alloca [2 x i32], align 4 %6 = bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = tail call i32 @security_locked_down(i32 8) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = bitcast i8* %1 to i32* %20 = and i64 %2, 7 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %51 %23 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %24 = icmp eq i64 %2, 0 br i1 %24, label %49, label %25 %26 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 br label %27 %28 = phi i64 [ 0, %25 ], [ %41, %39 ] %29 = phi i64 [ %2, %25 ], [ %42, %39 ] %30 = phi i32* [ %19, %25 ], [ %40, %39 ] %31 = bitcast i32* %30 to i8* %32 = call i64 @_copy_from_user(i8* nonnull %6, i8* %31, i64 8) #69 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %44 %35 = load i32, i32* %23, align 4 %36 = load i32, i32* %26, align 4 %37 = call i32 @wrmsr_safe_on_cpu(i32 %13, i32 %8, i32 %35, i32 %36) #69 Function:wrmsr_safe_on_cpu %5 = alloca %struct.msr_info, align 8 %6 = bitcast %struct.msr_info* %5 to i8* %7 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 0 store i32 %1, i32* %7, align 8 %8 = getelementptr inbounds %struct.msr_info, %struct.msr_info* %5, i64 0, i32 1, i32 0 %9 = bitcast %struct.anon.1* %8 to %struct.util_est* %10 = bitcast %struct.anon.1* %8 to i32* store i32 %2, i32* %10, align 8 %11 = getelementptr inbounds %struct.util_est, %struct.util_est* %9, i64 0, i32 1 store i32 %3, i32* %11, align 4 %12 = call i32 @smp_call_function_single(i32 %0, void (i8*)* nonnull @__wrmsr_safe_on_cpu, i8* nonnull %6, i32 1) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 arch_freq_prepare_all 3 cpuinfo_open ------------- Path:  Function:cpuinfo_open tail call void @arch_freq_prepare_all() #69 Function:arch_freq_prepare_all %1 = tail call i64 @ktime_get() #69 %2 = load i32, i32* @cpu_khz, align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %36, label %4 %5 = load volatile i64, i64* bitcast (i32* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 11, i64 2) to i64*), align 8 %6 = and i64 %5, 1152921504606846976 %7 = icmp eq i64 %6, 0 br i1 %7, label %36, label %8 %9 = phi i1 [ true, %4 ], [ false, %30 ] %10 = phi i32 [ -1, %4 ], [ %15, %30 ] br label %11 %12 = phi i32 [ %15, %33 ], [ %10, %8 ] br label %13 %14 = phi i32 [ %15, %19 ], [ %12, %11 ] %15 = tail call i32 @cpumask_next(i32 %14, %struct.cpumask* nonnull @__cpu_online_mask) #69 %16 = load i32, i32* @nr_cpu_ids, align 4 %17 = icmp ult i32 %15, %16 br i1 %17, label %18, label %34 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.static_key_false, %struct.static_key_false* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @housekeeping_overridden to %struct.static_key_false*), i64 0, i32 0), i1 false, i8* blockaddress(@arch_freq_prepare_all, %19)) #6 to label %21 [label %19], !srcloc !4 %22 = sext i32 %15 to i64 %23 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %22 %24 = load i64, i64* %23, align 8 %25 = add i64 %24, ptrtoint (i64* getelementptr inbounds (%struct.aperfmperf_sample, %struct.aperfmperf_sample* @samples, i64 0, i32 1) to i64) %26 = inttoptr i64 %25 to i64* %27 = load i64, i64* %26, align 8 %28 = sub i64 %1, %27 %29 = icmp slt i64 %28, 10000000 br i1 %29, label %33, label %30 %31 = tail call i32 @smp_call_function_single(i32 %15, void (i8*)* nonnull @aperfmperf_snapshot_khz, i8* null, i32 0) #69 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_adjtimex 6 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_adjtimex 6 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_adjtimex 6 __se_sys_adjtimex_time32 7 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #69 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_adjtimex 6 __se_sys_adjtimex_time32 7 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #69 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 __se_sys_settimeofday 8 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.54* %3 to i8* %7 = bitcast %struct.anon.54* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.54* null, %struct.anon.54* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.54* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 __se_sys_settimeofday 8 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.54* %3 to i8* %7 = bitcast %struct.anon.54* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.54* null, %struct.anon.54* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.54* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 timekeeping_inject_offset 6 timekeeping_warp_clock 7 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.util_est, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = bitcast %struct.anon.54* %2 to i8* %12 = bitcast %struct.anon.54* %3 to i8* %13 = bitcast %struct.util_est* %4 to i8* %14 = icmp eq i64 %7, 0 br i1 %14, label %31, label %15 %16 = inttoptr i64 %7 to i8* %17 = call i32 @compat_get_timeval(%struct.anon.54* nonnull %3, i8* nonnull %16) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp slt i64 %21, 0 br i1 %22, label %72, label %23 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = icmp ult i64 %25, 1000000 br i1 %26, label %27, label %72 %28 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %21, i64* %28, align 8 %29 = mul nuw nsw i64 %25, 1000 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 %29, i64* %30, align 8 br label %31 %32 = icmp eq i64 %10, 0 br i1 %32, label %37, label %33 %34 = inttoptr i64 %10 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %34, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %72 %38 = phi %struct.util_est* [ null, %31 ], [ %4, %33 ] %39 = select i1 %14, %struct.anon.54* null, %struct.anon.54* %2 br i1 %14, label %50, label %40 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = icmp slt i64 %42, 0 br i1 %43, label %69, label %44 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %46 = load i64, i64* %45, align 8 %47 = icmp ult i64 %46, 1000000000 %48 = icmp ult i64 %42, 8277292036 %49 = and i1 %48, %47 br i1 %49, label %50, label %69 %51 = call i32 @security_settime64(%struct.anon.54* %39, %struct.util_est* %38) #69 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %69 %54 = icmp eq %struct.util_est* %38, null br i1 %54, label %66, label %55 %56 = getelementptr inbounds %struct.util_est, %struct.util_est* %38, i64 0, i32 0 %57 = load i32, i32* %56, align 4 %58 = add i32 %57, 900 %59 = icmp ugt i32 %58, 1800 br i1 %59, label %69, label %60 %61 = bitcast %struct.util_est* %38 to i64* %62 = load i64, i64* %61, align 4 store i64 %62, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %63 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %63, label %66, label %64 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %65, label %67 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.anon.54* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.anon.54* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.anon.54* %2 to i8* %8 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i64, i64 } %8, 0 %10 = extractvalue { i32*, i64, i64 } %8, 1 %11 = extractvalue { i32*, i64, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = shl i64 %10, 32 %14 = ashr exact i64 %13, 32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %12, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %26, !prof !5, !misexpect !6 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %19, align 8 %20 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu 4 clock_was_set 5 do_settimeofday64 6 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.anon.54* %2 to i8* %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = shl i64 %11, 32 %15 = ashr exact i64 %14, 32 %16 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %13, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %27, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %20, align 8 %21 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single 2 smp_call_function_many 3 on_each_cpu_cond_mask 4 on_each_cpu_cond 5 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #69 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %18, label %13 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 store i32 %11, i32* %19, align 4 %20 = bitcast %struct.kmem_cache* %0 to i8* call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* nonnull @flush_cpu_slab, i8* %20, i1 zeroext true, i32 2592) #69 Function:on_each_cpu_cond tail call void @on_each_cpu_cond_mask(i1 (i32, i8*)* %0, void (i8*)* %1, i8* %2, i1 zeroext %3, i32 %4, %struct.cpumask* nonnull @__cpu_online_mask) #69 Function:on_each_cpu_cond_mask %7 = alloca i64, align 8 %8 = alloca [1 x %struct.cpumask], align 8 %9 = bitcast [1 x %struct.cpumask]* %8 to i8* %10 = and i32 %4, 1024 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %8, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %16 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %5) #69 %17 = load i32, i32* @nr_cpu_ids, align 4 %18 = icmp ult i32 %16, %17 br i1 %18, label %19, label %28 %20 = phi i32 [ %25, %24 ], [ %16, %14 ] %21 = call zeroext i1 %0(i32 %20, i8* %2) #69 br i1 %21, label %22, label %24 %23 = zext i32 %20 to i64 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %15, i64 %23) #6, !srcloc !4 br label %24 %25 = call i32 @cpumask_next(i32 %20, %struct.cpumask* %5) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %19, label %28 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %8, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 call void @smp_call_function_many(%struct.cpumask* nonnull %29, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %47 = zext i1 %3 to i32 %48 = call i32 @smp_call_function_single(i32 %34, void (i8*)* %1, i8* %2, i32 %47) #70 Function:smp_call_function_single %5 = alloca i64, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.__call_single_data* %6 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !5 %9 = zext i32 %8 to i64 %10 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %9) #6, !srcloc !6 %11 = and i8 %10, 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %22, label %13 %23 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !11 %24 = and i32 %23, 2031872 %25 = icmp eq i32 %24, 0 br i1 %25, label %27, label %26, !prof !12, !misexpect !13 %28 = icmp eq i32 %3, 0 br i1 %28, label %29, label %44 %45 = call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* nonnull %6, void (i8*)* %1, i8* %2) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 rdmsr_safe_on_cpu 3 msr_read.25795 ------------- Path:  Function:msr_read.25795 %5 = alloca [2 x i32], align 4 %6 = bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = and i64 %2, 7 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %44 %17 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 0 %18 = getelementptr inbounds [2 x i32], [2 x i32]* %5, i64 0, i64 1 %19 = icmp eq i64 %2, 0 br i1 %19, label %42, label %20 %21 = bitcast i8* %1 to i32* br label %22 %23 = phi i64 [ %34, %32 ], [ 0, %20 ] %24 = phi i64 [ %35, %32 ], [ %2, %20 ] %25 = phi i32* [ %33, %32 ], [ %21, %20 ] %26 = call i32 @rdmsr_safe_on_cpu(i32 %13, i32 %8, i32* nonnull %17, i32* %18) #69 Function:rdmsr_safe_on_cpu %5 = alloca %struct.msr_info_completion, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.msr_info_completion* %5 to i8* %8 = bitcast %struct.__call_single_data* %6 to i8* %9 = bitcast %struct.__call_single_data* %6 to i64* store i64 0, i64* %9, align 32 %10 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 store void (i8*)* @__rdmsr_safe_on_cpu, void (i8*)** %10, align 8 %11 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %12 = bitcast i8** %11 to %struct.msr_info_completion** store %struct.msr_info_completion* %5, %struct.msr_info_completion** %12, align 16 %13 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 3 store i32 0, i32* %13, align 8 %14 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 1, i32 1 %15 = bitcast %struct.msr_info_completion* %5 to i8* call void @__init_waitqueue_head(%struct.wait_queue_head* %14, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.1.25758, i64 0, i64 0), %struct.lock_class_key* nonnull @__init_completion.__key.25759) #69 %16 = getelementptr inbounds %struct.msr_info_completion, %struct.msr_info_completion* %5, i64 0, i32 0, i32 0 store i32 %1, i32* %16, align 8 %17 = call i32 @smp_call_function_single_async(i32 %0, %struct.__call_single_data* nonnull %6) #69 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %16, label %7, !prof !5, !misexpect !6 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %17 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 %18 = load void (i8*)*, void (i8*)** %17, align 8 %19 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 %20 = load i8*, i8** %19, align 8 %21 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1, void (i8*)* %18, i8* %20) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_exec_single 1 smp_call_function_single_async 2 cpuid_read ------------- Path:  Function:cpuid_read %5 = alloca %struct.cpuid_regs_done, align 8 %6 = alloca %struct.__call_single_data, align 32 %7 = bitcast %struct.cpuid_regs_done* %5 to i8* %8 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %9 = load %struct.inode*, %struct.inode** %8, align 8 %10 = getelementptr inbounds %struct.inode, %struct.inode* %9, i64 0, i32 13 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 1048575 %13 = and i64 %2, 15 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %58 %16 = load i64, i64* %3, align 8 %17 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1 %18 = getelementptr inbounds %struct.completion, %struct.completion* %17, i64 0, i32 0 store i32 0, i32* %18, align 8 %19 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 1, i32 1 call void @__init_waitqueue_head(%struct.wait_queue_head* %19, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.4.3167, i64 0, i64 0), %struct.lock_class_key* nonnull @__init_completion.__key) #69 %20 = icmp eq i64 %2, 0 br i1 %20, label %56, label %21 %22 = bitcast %struct.__call_single_data* %6 to i8* %23 = bitcast %struct.__call_single_data* %6 to i64* %24 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 1 %25 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 2 %26 = bitcast i8** %25 to %struct.cpuid_regs_done** %27 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %6, i64 0, i32 3 %28 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 0, i32 0 %29 = getelementptr inbounds %struct.cpuid_regs_done, %struct.cpuid_regs_done* %5, i64 0, i32 0, i32 2 br label %30 %31 = phi i64 [ 0, %21 ], [ %47, %45 ] %32 = phi i64 [ %16, %21 ], [ %48, %45 ] %33 = phi i8* [ %1, %21 ], [ %46, %45 ] %34 = phi i64 [ %2, %21 ], [ %49, %45 ] store i64 0, i64* %23, align 32 store void (i8*)* @cpuid_smp_cpuid, void (i8*)** %24, align 8 store %struct.cpuid_regs_done* %5, %struct.cpuid_regs_done** %26, align 16 store i32 0, i32* %27, align 8 %35 = trunc i64 %32 to i32 store i32 %35, i32* %28, align 8 %36 = lshr i64 %32, 32 %37 = trunc i64 %36 to i32 store i32 %37, i32* %29, align 8 %38 = call i32 @smp_call_function_single_async(i32 %12, %struct.__call_single_data* nonnull %6) #69 Function:smp_call_function_single_async tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 1 %6 = icmp eq i32 %5, 0 br i1 %6, label %16, label %7, !prof !5, !misexpect !6 store i32 1, i32* %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %17 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 %18 = load void (i8*)*, void (i8*)** %17, align 8 %19 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 %20 = load i8*, i8** %19, align 8 %21 = tail call fastcc i32 @generic_exec_single(i32 %0, %struct.__call_single_data* %1, void (i8*)* %18, i8* %20) #69 Function:generic_exec_single %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = icmp eq i32 %6, %0 br i1 %7, label %8, label %17 %18 = load i32, i32* @nr_cpu_ids, align 4 %19 = icmp ugt i32 %18, %0 br i1 %19, label %20, label %25 %21 = zext i32 %0 to i64 %22 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %21) #6, !srcloc !13 %23 = and i8 %22, 1 %24 = icmp eq i8 %23, 0 br i1 %24, label %25, label %32 %33 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 1 store void (i8*)* %2, void (i8*)** %33, align 8 %34 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 2 store i8* %3, i8** %34, align 8 %35 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %1, i64 0, i32 0 %36 = sext i32 %0 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.llist_node* @call_single_queue to i64) %40 = inttoptr i64 %39 to %struct.llist_node* %41 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %35, %struct.llist_node* %35, %struct.llist_node* %40) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_adjtimex 4 __x64_sys_adjtimex ------------- Path:  Function:__x64_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 208) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %15 %10 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_adjtimex 4 __ia32_sys_adjtimex ------------- Path:  Function:__ia32_sys_adjtimex %2 = alloca %struct.__kernel_timex, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__kernel_timex* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 208) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %16 %11 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %2) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_adjtimex 4 __se_sys_adjtimex_time32 5 __ia32_sys_adjtimex_time32 ------------- Path:  Function:__ia32_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %4) #69 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_adjtimex 4 __se_sys_adjtimex_time32 5 __x64_sys_adjtimex_time32 ------------- Path:  Function:__x64_sys_adjtimex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = tail call fastcc i64 @__se_sys_adjtimex_time32(i64 %3) #69 Function:__se_sys_adjtimex_time32 %2 = alloca %struct.old_timex32, align 4 %3 = alloca %struct.old_timex32, align 4 %4 = alloca %struct.__kernel_timex, align 8 %5 = bitcast %struct.__kernel_timex* %4 to i8* %6 = bitcast %struct.old_timex32* %3 to i8* %7 = inttoptr i64 %0 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 128) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %11, label %10 %12 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 0 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 0 store i32 %13, i32* %14, align 8 %15 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = sext i32 %16 to i64 %18 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 2 store i64 %17, i64* %18, align 8 %19 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = sext i32 %20 to i64 %22 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 3 store i64 %21, i64* %22, align 8 %23 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = sext i32 %24 to i64 %26 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 4 store i64 %25, i64* %26, align 8 %27 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = sext i32 %28 to i64 %30 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 5 store i64 %29, i64* %30, align 8 %31 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 6 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 6 %35 = load i32, i32* %34, align 4 %36 = sext i32 %35 to i64 %37 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 8 store i64 %36, i64* %37, align 8 %38 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 7 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 9 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 8 %43 = load i32, i32* %42, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 10 store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 0 %47 = load i32, i32* %46, align 4 %48 = sext i32 %47 to i64 %49 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 0 store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 9, i32 1 %51 = load i32, i32* %50, align 4 %52 = sext i32 %51 to i64 %53 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 11, i32 1 store i64 %52, i64* %53, align 8 %54 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 10 %55 = load i32, i32* %54, align 4 %56 = sext i32 %55 to i64 %57 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 12 store i64 %56, i64* %57, align 8 %58 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 11 %59 = load i32, i32* %58, align 4 %60 = sext i32 %59 to i64 %61 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 13 store i64 %60, i64* %61, align 8 %62 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 12 %63 = load i32, i32* %62, align 4 %64 = sext i32 %63 to i64 %65 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 14 store i64 %64, i64* %65, align 8 %66 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 13 %67 = load i32, i32* %66, align 4 %68 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 15 store i32 %67, i32* %68, align 8 %69 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 14 %70 = load i32, i32* %69, align 4 %71 = sext i32 %70 to i64 %72 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 17 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 15 %74 = load i32, i32* %73, align 4 %75 = sext i32 %74 to i64 %76 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 18 store i64 %75, i64* %76, align 8 %77 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 16 %78 = load i32, i32* %77, align 4 %79 = sext i32 %78 to i64 %80 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 19 store i64 %79, i64* %80, align 8 %81 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 17 %82 = load i32, i32* %81, align 4 %83 = sext i32 %82 to i64 %84 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 20 store i64 %83, i64* %84, align 8 %85 = getelementptr inbounds %struct.old_timex32, %struct.old_timex32* %3, i64 0, i32 18 %86 = load i32, i32* %85, align 4 %87 = sext i32 %86 to i64 %88 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %4, i64 0, i32 21 store i64 %87, i64* %88, align 8 %89 = call i32 @do_adjtimex(%struct.__kernel_timex* nonnull %4) #69 Function:do_adjtimex %2 = alloca %struct.audit_ntp_data, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca i32, align 4 %5 = alloca %struct.anon.54, align 8 %6 = bitcast %struct.audit_ntp_data* %2 to i8* %7 = bitcast %struct.anon.54* %3 to i8* %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = trunc i32 %10 to i16 %12 = icmp sgt i16 %11, -1 br i1 %12, label %23, label %13 %24 = icmp eq i32 %10, 0 br i1 %24, label %63, label %25 %26 = tail call zeroext i1 @capable(i32 25) #69 br i1 %26, label %27, label %138 %28 = load i32, i32* %9, align 8 %29 = and i32 %28, 16384 %30 = icmp eq i32 %29, 0 br i1 %30, label %36, label %31 %32 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 12 %33 = load i64, i64* %32, align 8 %34 = add i64 %33, -9000 %35 = icmp ugt i64 %34, 2000 br i1 %35, label %138, label %36 %37 = phi i32 [ %22, %21 ], [ %28, %31 ], [ %10, %16 ], [ %28, %27 ] %38 = and i32 %37, 256 %39 = icmp eq i32 %38, 0 br i1 %39, label %54, label %40 %41 = tail call zeroext i1 @capable(i32 25) #69 br i1 %41, label %42, label %138 %43 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %44 = load i64, i64* %43, align 8 %45 = icmp slt i64 %44, 0 br i1 %45, label %138, label %46 %47 = load i32, i32* %9, align 8 %48 = and i32 %47, 8192 %49 = icmp eq i32 %48, 0 br i1 %49, label %52, label %50 %53 = icmp sgt i64 %44, 999999 br i1 %53, label %138, label %54 %55 = phi i32 [ %37, %36 ], [ %47, %50 ], [ %47, %52 ] %56 = and i32 %55, 2 %57 = icmp eq i32 %56, 0 br i1 %57, label %63, label %58 %59 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 3 %60 = load i64, i64* %59, align 8 %61 = add i64 %60, 140737488355 %62 = icmp ugt i64 %61, 281474976710 br i1 %62, label %138, label %63 %64 = bitcast %struct.__kernel_timex* %0 to i8* tail call void @add_device_randomness(i8* %64, i64 208) #69 %65 = load i32, i32* %9, align 8 %66 = and i32 %65, 256 %67 = icmp eq i32 %66, 0 br i1 %67, label %97, label %68 %69 = bitcast %struct.anon.54* %5 to i8* %70 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 0 %71 = load i64, i64* %70, align 8 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 store i64 %71, i64* %72, align 8 %73 = getelementptr inbounds %struct.__kernel_timex, %struct.__kernel_timex* %0, i64 0, i32 11, i32 1 %74 = load i64, i64* %73, align 8 %75 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %76 = and i32 %65, 8192 %77 = icmp eq i32 %76, 0 %78 = mul i64 %74, 1000 %79 = select i1 %77, i64 %78, i64 %74 store i64 %79, i64* %75, align 8 %80 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %5) #70 %81 = icmp eq i32 %80, 0 br i1 %81, label %82, label %96 %83 = or i64 %79, %71 %84 = icmp eq i64 %83, 0 br i1 %84, label %95, label %85 br label %97 call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #70 call void @add_device_randomness(i8* nonnull %7, i64 16) #69 %98 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %99 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %100 = add i32 %99, 1 store i32 %100, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %101 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 8), align 8 store i32 %101, i32* %4, align 4 %102 = call i32 @__do_adjtimex(%struct.__kernel_timex* %0, %struct.anon.54* nonnull %3, i32* nonnull %4, %struct.audit_ntp_data* nonnull %2) #69 %103 = load i32, i32* %4, align 4 %104 = icmp eq i32 %103, %101 br i1 %104, label %110, label %105 %111 = call i64 @ntp_get_next_leap() #69 store i64 %111, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 11), align 8 %112 = icmp eq i64 %111, 9223372036854775807 br i1 %112, label %116, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %117 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %118 = add i32 %117, 1 store i32 %118, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %98) #69 %119 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %120 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %119, i64 0, i32 97 %121 = load %struct.audit_context*, %struct.audit_context** %120, align 8 %122 = icmp eq %struct.audit_context* %121, null br i1 %122, label %128, label %123 %129 = load i32, i32* %9, align 8 %130 = and i32 %129, 16386 %131 = icmp eq i32 %130, 0 br i1 %131, label %133, label %132 %134 = load i32, i32* %4, align 4 %135 = icmp eq i32 %134, %101 br i1 %135, label %137, label %136 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __se_sys_settimeofday 6 __ia32_sys_settimeofday ------------- Path:  Function:__ia32_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_settimeofday(i64 %4, i64 %7) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.54* %3 to i8* %7 = bitcast %struct.anon.54* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.54* null, %struct.anon.54* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.54* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __se_sys_settimeofday 6 __x64_sys_settimeofday ------------- Path:  Function:__x64_sys_settimeofday %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_settimeofday(i64 %3, i64 %5) #69 Function:__se_sys_settimeofday %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.util_est, align 4 %6 = bitcast %struct.anon.54* %3 to i8* %7 = bitcast %struct.anon.54* %4 to i8* %8 = bitcast %struct.util_est* %5 to i8* %9 = icmp eq i64 %0, 0 br i1 %9, label %26, label %10 %11 = inttoptr i64 %0 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %7, i8* nonnull %11, i64 16) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %67 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %67, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000 br i1 %21, label %22, label %67 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 store i64 %16, i64* %23, align 8 %24 = mul nuw nsw i64 %20, 1000 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 store i64 %24, i64* %25, align 8 br label %26 %27 = icmp eq i64 %1, 0 br i1 %27, label %32, label %28 %29 = inttoptr i64 %1 to i8* %30 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %29, i64 8) #69 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %67 %33 = phi %struct.util_est* [ null, %26 ], [ %5, %28 ] %34 = select i1 %9, %struct.anon.54* null, %struct.anon.54* %3 br i1 %9, label %45, label %35 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = icmp slt i64 %37, 0 br i1 %38, label %64, label %39 %40 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %41 = load i64, i64* %40, align 8 %42 = icmp ult i64 %41, 1000000000 %43 = icmp ult i64 %37, 8277292036 %44 = and i1 %43, %42 br i1 %44, label %45, label %64 %46 = call i32 @security_settime64(%struct.anon.54* %34, %struct.util_est* %33) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %64 %49 = icmp eq %struct.util_est* %33, null br i1 %49, label %61, label %50 %51 = getelementptr inbounds %struct.util_est, %struct.util_est* %33, i64 0, i32 0 %52 = load i32, i32* %51, align 4 %53 = add i32 %52, 900 %54 = icmp ugt i32 %53, 1800 br i1 %54, label %64, label %55 %56 = bitcast %struct.util_est* %33 to i64* %57 = load i64, i64* %56, align 4 store i64 %57, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %58 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %58, label %61, label %59 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %9, label %60, label %62 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 timekeeping_inject_offset 4 timekeeping_warp_clock 5 __ia32_compat_sys_settimeofday ------------- Path:  Function:__ia32_compat_sys_settimeofday %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.util_est, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = bitcast %struct.anon.54* %2 to i8* %12 = bitcast %struct.anon.54* %3 to i8* %13 = bitcast %struct.util_est* %4 to i8* %14 = icmp eq i64 %7, 0 br i1 %14, label %31, label %15 %16 = inttoptr i64 %7 to i8* %17 = call i32 @compat_get_timeval(%struct.anon.54* nonnull %3, i8* nonnull %16) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %72 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = icmp slt i64 %21, 0 br i1 %22, label %72, label %23 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = icmp ult i64 %25, 1000000 br i1 %26, label %27, label %72 %28 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %21, i64* %28, align 8 %29 = mul nuw nsw i64 %25, 1000 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 %29, i64* %30, align 8 br label %31 %32 = icmp eq i64 %10, 0 br i1 %32, label %37, label %33 %34 = inttoptr i64 %10 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %34, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %72 %38 = phi %struct.util_est* [ null, %31 ], [ %4, %33 ] %39 = select i1 %14, %struct.anon.54* null, %struct.anon.54* %2 br i1 %14, label %50, label %40 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = icmp slt i64 %42, 0 br i1 %43, label %69, label %44 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %46 = load i64, i64* %45, align 8 %47 = icmp ult i64 %46, 1000000000 %48 = icmp ult i64 %42, 8277292036 %49 = and i1 %48, %47 br i1 %49, label %50, label %69 %51 = call i32 @security_settime64(%struct.anon.54* %39, %struct.util_est* %38) #69 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %69 %54 = icmp eq %struct.util_est* %38, null br i1 %54, label %66, label %55 %56 = getelementptr inbounds %struct.util_est, %struct.util_est* %38, i64 0, i32 0 %57 = load i32, i32* %56, align 4 %58 = add i32 %57, 900 %59 = icmp ugt i32 %58, 1800 br i1 %59, label %69, label %60 %61 = bitcast %struct.util_est* %38 to i64* %62 = load i64, i64* %61, align 4 store i64 %62, i64* bitcast (%struct.util_est* @sys_tz to i64*), align 8 call void @update_vsyscall_tz() #69 %63 = load i1, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %63, label %66, label %64 store i1 true, i1* @do_sys_settimeofday64.firsttime, align 4 br i1 %14, label %65, label %67 call void @timekeeping_warp_clock() #69 Function:timekeeping_warp_clock %1 = alloca %struct.anon.54, align 8 %2 = load i32, i32* getelementptr inbounds (%struct.util_est, %struct.util_est* @sys_tz, i64 0, i32 0), align 4 %3 = icmp eq i32 %2, 0 br i1 %3, label %11, label %4 %5 = bitcast %struct.anon.54* %1 to i8* store i32 1, i32* @persistent_clock_is_local, align 4 %6 = mul i32 %2, 60 %7 = sext i32 %6 to i64 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 0 store i64 %7, i64* %8, align 8 %9 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %1, i64 0, i32 1 store i64 0, i64* %9, align 8 %10 = call fastcc i32 @timekeeping_inject_offset(%struct.anon.54* nonnull %1) #69 Function:timekeeping_inject_offset %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 999999999 br i1 %6, label %143, label %7 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %9 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %10 = add i32 %9, 1 store i32 %10, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %12 = inttoptr i64 %11 to %struct.clocksource.79441* %13 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %12, i64 0, i32 0 %14 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %13, align 8 %15 = tail call i64 %14(%struct.clocksource.79441* %12) #69 %16 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %17 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %18 = sub i64 %15, %16 %19 = and i64 %18, %17 %20 = lshr i64 %17, 1 %21 = xor i64 %20, -1 %22 = and i64 %19, %21 %23 = icmp eq i64 %22, 0 %24 = select i1 %23, i64 %19, i64 0 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %15, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %25 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %26 = zext i32 %25 to i64 %27 = mul i64 %24, %26 %28 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %29 = add i64 %27, %28 store i64 %29, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %30 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %31 = zext i32 %30 to i64 %32 = mul i64 %24, %31 %33 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %34 = add i64 %32, %33 store i64 %34, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %35 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %36 = zext i32 %35 to i64 %37 = shl i64 1000000000, %36 %38 = icmp ult i64 %29, %37 br i1 %38, label %42, label %39 %40 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %50 %51 = phi i64 [ %40, %39 ], [ %54, %50 ] %52 = phi i64 [ %29, %39 ], [ %53, %50 ] %53 = sub i64 %52, %37 %54 = add i64 %51, 1 %55 = icmp ult i64 %53, %37 br i1 %55, label %41, label %50 store i64 %53, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %54, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %42 %43 = phi i64 [ %53, %41 ], [ %29, %7 ] %44 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %45 = zext i32 %44 to i64 %46 = shl i64 1000000000, %45 %47 = icmp ult i64 %34, %46 br i1 %47, label %63, label %48 %64 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %65 = lshr i64 %43, %36 %66 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %67 = load i64, i64* %66, align 8 %68 = load i64, i64* %4, align 8 %69 = bitcast %struct.anon.54* %3 to i8* %70 = add i64 %67, %64 %71 = add i64 %68, %65 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %70, i64 %71) #69 %72 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %73 = load i64, i64* %72, align 8 %74 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %75 = load i64, i64* %74, align 8 %76 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %77 = load i64, i64* %66, align 8 %78 = icmp slt i64 %76, %77 br i1 %78, label %89, label %79 %90 = icmp slt i64 %73, 0 br i1 %90, label %139, label %91 %140 = phi i32 [ 0, %128 ], [ -22, %91 ], [ -22, %81 ], [ -22, %79 ], [ -22, %89 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %141 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %142 = add i32 %141, 1 store i32 %142, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %8) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __x64_sys_stime ------------- Path:  Function:__x64_sys_stime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i64** %5 = load i64*, i64** %4, align 8 %6 = bitcast %struct.anon.54* %2 to i8* %8 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %5, i64 8, i64 %7) #6, !srcloc !4 %9 = extractvalue { i64*, i64, i64 } %8, 0 %10 = extractvalue { i64*, i64, i64 } %8, 1 %11 = extractvalue { i64*, i64, i64 } %8, 2 %12 = ptrtoint i64* %9 to i64 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %10, i64* %13, align 8 %14 = and i64 %12, 4294967295 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %24, !prof !5, !misexpect !6 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %17, align 8 %18 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %22, label %20 %23 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __ia32_sys_stime ------------- Path:  Function:__ia32_sys_stime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i64* %7 = bitcast %struct.anon.54* %2 to i8* %9 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 8, i64 %8) #6, !srcloc !4 %10 = extractvalue { i64*, i64, i64 } %9, 0 %11 = extractvalue { i64*, i64, i64 } %9, 1 %12 = extractvalue { i64*, i64, i64 } %9, 2 %13 = ptrtoint i64* %10 to i64 %14 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %11, i64* %14, align 8 %15 = and i64 %13, 4294967295 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %25, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %18, align 8 %19 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %23, label %21 %24 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __x64_sys_stime32 ------------- Path:  Function:__x64_sys_stime32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i32** %5 = load i32*, i32** %4, align 8 %6 = bitcast %struct.anon.54* %2 to i8* %8 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %5, i64 4, i64 %7) #6, !srcloc !4 %9 = extractvalue { i32*, i64, i64 } %8, 0 %10 = extractvalue { i32*, i64, i64 } %8, 1 %11 = extractvalue { i32*, i64, i64 } %8, 2 %12 = ptrtoint i32* %9 to i64 %13 = shl i64 %10, 32 %14 = ashr exact i64 %13, 32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %14, i64* %15, align 8 %16 = and i64 %12, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %26, !prof !5, !misexpect !6 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %19, align 8 %20 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu 2 clock_was_set 3 do_settimeofday64 4 __ia32_sys_stime32 ------------- Path:  Function:__ia32_sys_stime32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = inttoptr i64 %5 to i32* %7 = bitcast %struct.anon.54* %2 to i8* %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %6, i64 4, i64 %8) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = shl i64 %11, 32 %15 = ashr exact i64 %14, 32 %16 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = and i64 %13, 4294967295 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %27, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 store i64 0, i64* %20, align 8 %21 = call i32 @security_settime64(%struct.anon.54* nonnull %2, %struct.util_est* null) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %25, label %23 %26 = call i32 @do_settimeofday64(%struct.anon.54* nonnull %2) #69 Function:do_settimeofday64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = icmp slt i64 %5, 0 br i1 %6, label %126, label %7 %8 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %9 = load i64, i64* %8, align 8 %10 = icmp ult i64 %9, 1000000000 %11 = icmp ult i64 %5, 8277292036 %12 = and i1 %11, %10 br i1 %12, label %13, label %126 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* nonnull @timekeeper_lock) #69 %15 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %16 = add i32 %15, 1 store i32 %16, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %17 = load volatile i64, i64* bitcast (%struct.tk_read_base* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0) to i64*), align 8 %18 = inttoptr i64 %17 to %struct.clocksource.79441* %19 = getelementptr inbounds %struct.clocksource.79441, %struct.clocksource.79441* %18, i64 0, i32 0 %20 = load i64 (%struct.clocksource.79441*)*, i64 (%struct.clocksource.79441*)** %19, align 8 %21 = tail call i64 %20(%struct.clocksource.79441* %18) #69 %22 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 %23 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 1), align 8 %24 = sub i64 %21, %22 %25 = and i64 %24, %23 %26 = lshr i64 %23, 1 %27 = xor i64 %26, -1 %28 = and i64 %25, %27 %29 = icmp eq i64 %28, 0 %30 = select i1 %29, i64 %25, i64 0 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 2), align 8 store i64 %21, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 2), align 8 %31 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 3), align 8 %32 = zext i32 %31 to i64 %33 = mul i64 %30, %32 %34 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %35 = add i64 %33, %34 store i64 %35, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 %36 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 3), align 8 %37 = zext i32 %36 to i64 %38 = mul i64 %30, %37 %39 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %40 = add i64 %38, %39 store i64 %40, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 5), align 8 %41 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 4), align 4 %42 = zext i32 %41 to i64 %43 = shl i64 1000000000, %42 %44 = icmp ult i64 %35, %43 br i1 %44, label %48, label %45 %46 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %56 %57 = phi i64 [ %46, %45 ], [ %60, %56 ] %58 = phi i64 [ %35, %45 ], [ %59, %56 ] %59 = sub i64 %58, %43 %60 = add i64 %57, 1 %61 = icmp ult i64 %59, %43 br i1 %61, label %47, label %56 store i64 %59, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 0, i32 5), align 8 store i64 %60, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 br label %48 %49 = phi i64 [ %59, %47 ], [ %35, %13 ] %50 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 1, i32 4), align 4 %51 = zext i32 %50 to i64 %52 = shl i64 1000000000, %51 %53 = icmp ult i64 %40, %52 br i1 %53, label %69, label %54 %70 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 2), align 8 %71 = lshr i64 %49, %42 %72 = load i64, i64* %4, align 8 %73 = load i64, i64* %8, align 8 %74 = bitcast %struct.anon.54* %3 to i8* %75 = sub i64 %72, %70 %76 = sub i64 %73, %71 call void @set_normalized_timespec64(%struct.anon.54* nonnull %3, i64 %75, i64 %76) #69 %77 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %78 = load i64, i64* %77, align 8 %79 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %80 = load i64, i64* %79, align 8 %81 = load i64, i64* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1, i32 4, i32 0), align 8 %82 = icmp slt i64 %81, %78 br i1 %82, label %83, label %86 %87 = icmp sgt i64 %81, %78 br i1 %87, label %106, label %88 %107 = phi i1 [ true, %93 ], [ false, %88 ], [ false, %86 ] %108 = phi i32 [ 0, %93 ], [ -22, %88 ], [ -22, %86 ] call fastcc void @timekeeping_update(%struct.timekeeper* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 1), i32 7) #70 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %109 = load i32, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 %110 = add i32 %109, 1 store i32 %110, i32* getelementptr inbounds (%struct.anon.73, %struct.anon.73* @tk_core, i64 0, i32 0, i32 0), align 64 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* nonnull @timekeeper_lock, i64 %14) #69 call void @clock_was_set() #69 Function:clock_was_set tail call void @on_each_cpu(void (i8*)* nonnull @retrigger_next_event, i8* null, i32 1) #69 Function:on_each_cpu %4 = alloca i64, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = icmp ne i32 %2, 0 tail call void @smp_call_function_many(%struct.cpumask* nonnull @__cpu_online_mask, void (i8*)* %0, i8* %1, i1 zeroext %5) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 smp_call_function_many 1 on_each_cpu_cond_mask 2 on_each_cpu_cond 3 cpu_partial_store ------------- Path:  Function:cpu_partial_store %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call i32 @kstrtouint(i8* %1, i32 10, i32* nonnull %4) #69 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i32, i32* %4, align 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %18, label %13 %19 = getelementptr inbounds %struct.kmem_cache, %struct.kmem_cache* %0, i64 0, i32 6 store i32 %11, i32* %19, align 4 %20 = bitcast %struct.kmem_cache* %0 to i8* call void @on_each_cpu_cond(i1 (i32, i8*)* nonnull @has_cpu_slab, void (i8*)* nonnull @flush_cpu_slab, i8* %20, i1 zeroext true, i32 2592) #69 Function:on_each_cpu_cond tail call void @on_each_cpu_cond_mask(i1 (i32, i8*)* %0, void (i8*)* %1, i8* %2, i1 zeroext %3, i32 %4, %struct.cpumask* nonnull @__cpu_online_mask) #69 Function:on_each_cpu_cond_mask %7 = alloca i64, align 8 %8 = alloca [1 x %struct.cpumask], align 8 %9 = bitcast [1 x %struct.cpumask]* %8 to i8* %10 = and i32 %4, 1024 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %8, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %15, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %16 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %5) #69 %17 = load i32, i32* @nr_cpu_ids, align 4 %18 = icmp ult i32 %16, %17 br i1 %18, label %19, label %28 %20 = phi i32 [ %25, %24 ], [ %16, %14 ] %21 = call zeroext i1 %0(i32 %20, i8* %2) #69 br i1 %21, label %22, label %24 %23 = zext i32 %20 to i64 call void asm sideeffect " btsq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %15, i64 %23) #6, !srcloc !4 br label %24 %25 = call i32 @cpumask_next(i32 %20, %struct.cpumask* %5) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %19, label %28 %29 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %8, i64 0, i64 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %30 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !6 call void @smp_call_function_many(%struct.cpumask* nonnull %29, void (i8*)* %1, i8* %2, i1 zeroext %3) #69 Function:smp_call_function_many %5 = alloca i64, align 8 %6 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #4, !srcloc !4 %7 = zext i32 %6 to i64 %8 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %7) #6, !srcloc !5 %9 = and i8 %8, 1 %10 = icmp eq i8 %9, 0 br i1 %10, label %23, label %11 %24 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !10 %25 = and i32 %24, 2031872 %26 = icmp eq i32 %25, 0 br i1 %26, label %28, label %27, !prof !11, !misexpect !12 %29 = call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %30 = icmp eq i32 %29, %6 br i1 %30, label %31, label %33 %32 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %33 %34 = phi i32 [ %32, %31 ], [ %29, %28 ] %35 = load i32, i32* @nr_cpu_ids, align 4 %36 = icmp ult i32 %34, %35 br i1 %36, label %37, label %134 %38 = call i32 @cpumask_next_and(i32 %34, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 %39 = icmp eq i32 %38, %6 br i1 %39, label %40, label %42 %41 = call i32 @cpumask_next_and(i32 %6, %struct.cpumask* %0, %struct.cpumask* nonnull @__cpu_online_mask) #69 br label %42 %43 = phi i32 [ %41, %40 ], [ %38, %37 ] %44 = load i32, i32* @nr_cpu_ids, align 4 %45 = icmp ult i32 %43, %44 br i1 %45, label %49, label %46 %50 = call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.call_function_data* nonnull @cfd_data) #6, !srcloc !15 %51 = inttoptr i64 %50 to %struct.call_function_data* %52 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 1, i64 0 %53 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %52, i64 0, i32 0, i64 0 %54 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %55 = load i64, i64* %54, align 8 %56 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), align 8 %57 = and i64 %56, %55 store i64 %57, i64* %53, align 8 call void asm sideeffect " btrq $1,$0", "*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %53, i64 %7) #6, !srcloc !16 %58 = load i64, i64* %53, align 8 %59 = call i64 asm "# ALT: oldnstr\0A661:\0A\09call __sw_hweight64\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 4*32+23)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09popcntq $1, $0\0A6651:\0A.popsection\0A", "={ax},{di},~{dirflag},~{fpsr},~{flags}"(i64 %58) #10, !srcloc !17 %60 = trunc i64 %59 to i32 %61 = icmp eq i32 %60, 0 br i1 %61, label %134, label %62, !prof !18, !misexpect !12 %63 = getelementptr inbounds %struct.call_function_data, %struct.call_function_data* %51, i64 0, i32 2, i64 0 %64 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %63, i64 0, i32 0, i64 0 store i64 0, i64* %64, align 8 %65 = call i32 @cpumask_next(i32 -1, %struct.cpumask* %52) #69 %66 = load i32, i32* @nr_cpu_ids, align 4 %67 = icmp ult i32 %65, %66 br i1 %67, label %68, label %106 %69 = inttoptr i64 %50 to i64* br label %70 %71 = phi i32 [ %65, %68 ], [ %103, %102 ] %72 = load i64, i64* %69, align 8 %73 = sext i32 %71 to i64 %74 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %73 %75 = load i64, i64* %74, align 8 %76 = add i64 %75, %72 %77 = inttoptr i64 %76 to %struct.__call_single_data* %78 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 3 %79 = load volatile i32, i32* %78, align 4 %80 = and i32 %79, 1 %81 = icmp eq i32 %80, 0 br i1 %81, label %86, label %82 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %83 = load volatile i32, i32* %78, align 4 %84 = and i32 %83, 1 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %82 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %87 = load i32, i32* %78, align 8 %88 = or i32 %87, 1 store i32 %88, i32* %78, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 br i1 %3, label %89, label %92 %90 = load i32, i32* %78, align 8 %91 = or i32 %90, 2 store i32 %91, i32* %78, align 8 br label %92 %93 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 1 store void (i8*)* %1, void (i8*)** %93, align 8 %94 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 2 store i8* %2, i8** %94, align 16 %95 = getelementptr inbounds %struct.__call_single_data, %struct.__call_single_data* %77, i64 0, i32 0 %96 = load i64, i64* %74, align 8 %97 = add i64 %96, ptrtoint (%struct.llist_node* @call_single_queue to i64) %98 = inttoptr i64 %97 to %struct.llist_node* %99 = call zeroext i1 @llist_add_batch(%struct.llist_node* %95, %struct.llist_node* %95, %struct.llist_node* %98) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 i915_request_retire 2 i915_retire_requests 3 i915_gem_wait_for_idle 4 i915_gem_mmap_gtt 5 i915_gem_mmap_gtt_ioctl ------------- Path:  Function:i915_gem_mmap_gtt_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i64* %8 = tail call i32 @i915_gem_mmap_gtt(%struct.drm_file.414831* %2, %struct.drm_device.414966* undef, i32 %5, i64* %7) #69 Function:i915_gem_mmap_gtt tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.drm_file.414831, %struct.drm_file.414831* %0, i64 0, i32 12 %6 = zext i32 %2 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #69 %8 = icmp eq i8* %7, null br i1 %8, label %32, label %9 %10 = bitcast i8* %7 to %union.anon.21* %11 = bitcast i8* %7 to i32* %12 = load volatile i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %24, label %14 %15 = phi i32 [ %22, %21 ], [ %12, %9 ] %16 = add i32 %15, 1 %17 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %11, i32 %16, i32* nonnull %11, i32 %15) #6, !srcloc !5 %18 = extractvalue { i8, i32 } %17, 0 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %24, !prof !6, !misexpect !7 %22 = extractvalue { i8, i32 } %17, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %14 %25 = phi i32 [ 0, %9 ], [ %15, %14 ], [ 0, %21 ] %26 = add i32 %25, 1 %27 = or i32 %26, %25 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* nonnull %10, i32 0) #69 br label %30 %31 = icmp eq i32 %25, 0 br i1 %31, label %32, label %33 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %34 = getelementptr inbounds i8, i8* %7, i64 320 %35 = bitcast i8* %34 to %struct.drm_i915_gem_object_ops.414969** %36 = load %struct.drm_i915_gem_object_ops.414969*, %struct.drm_i915_gem_object_ops.414969** %35, align 8 %37 = getelementptr inbounds %struct.drm_i915_gem_object_ops.414969, %struct.drm_i915_gem_object_ops.414969* %36, i64 0, i32 0 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %72 %42 = bitcast i8* %7 to %struct.drm_gem_object.414849* %43 = getelementptr inbounds i8, i8* %7, i64 8 %44 = bitcast i8* %43 to %struct.drm_i915_private.415254** %45 = load %struct.drm_i915_private.415254*, %struct.drm_i915_private.415254** %44, align 8 %46 = tail call i32 bitcast (i32 (%struct.drm_gem_object.363738*)* @drm_gem_create_mmap_offset to i32 (%struct.drm_gem_object.414849*)*)(%struct.drm_gem_object.414849* nonnull %42) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %67, label %48, !prof !8, !misexpect !10 %49 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 62, i32 7, i32 0 %50 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 62, i32 6 %51 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 114, i32 1 br label %52 %53 = tail call i32 bitcast (i32 (%struct.drm_i915_private.433198*, i32, i64)* @i915_gem_wait_for_idle to i32 (%struct.drm_i915_private.415254*, i32, i64)*)(%struct.drm_i915_private.415254* %45, i32 1, i64 9223372036854775807) #69 %56 = load volatile i32, i32* %49, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58 %59 = tail call zeroext i1 @flush_work(%struct.work_struct* %50) #69 tail call void @rcu_barrier() #69 %60 = load volatile i32, i32* %49, align 4 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %58 %63 = tail call i32 bitcast (i32 (%struct.drm_gem_object.363738*)* @drm_gem_create_mmap_offset to i32 (%struct.drm_gem_object.414849*)*)(%struct.drm_gem_object.414849* nonnull %42) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %67, label %65 %66 = tail call zeroext i1 @flush_delayed_work(%struct.delayed_work* %51) #69 br i1 %66, label %52, label %72 %53 = tail call i32 bitcast (i32 (%struct.drm_i915_private.433198*, i32, i64)* @i915_gem_wait_for_idle to i32 (%struct.drm_i915_private.415254*, i32, i64)*)(%struct.drm_i915_private.415254* %45, i32 1, i64 9223372036854775807) #69 Function:i915_gem_wait_for_idle %4 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 6, i32 2 %5 = load volatile i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %131, label %7 %8 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 5, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #69 %10 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 5, i32 1 %11 = bitcast %struct.list_head* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i8* %12 to %struct.list_head* %14 = icmp eq %struct.list_head* %10, %13 br i1 %14, label %119, label %15 %16 = and i32 %1, 16 %17 = icmp eq i32 %16, 0 %18 = getelementptr %struct.list_head, %struct.list_head* %10, i64 -10, i32 1 %19 = bitcast %struct.list_head** %18 to %struct.intel_timeline.432983* br label %20 %21 = phi i8* [ %12, %15 ], [ %116, %110 ] %22 = phi i64 [ %2, %15 ], [ %113, %110 ] %23 = phi i64 [ %9, %15 ], [ %111, %110 ] %24 = getelementptr i8, i8* %21, i64 -152 %25 = bitcast i8* %24 to %struct.intel_timeline.432983* %26 = getelementptr i8, i8* %21, i64 -40 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %27 = bitcast i8* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %90, label %30 %31 = phi i64 [ %88, %87 ], [ %28, %20 ] %32 = inttoptr i64 %31 to %struct.i915_request.432980* %33 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 1 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %38 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 19 %39 = load i32*, i32** %38, align 8 %40 = load volatile i32, i32* %39, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %41 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 4 %42 = load i64, i64* %41, align 8 %43 = trunc i64 %42 to i32 %44 = sub i32 %40, %43 %45 = icmp sgt i32 %44, -1 br i1 %45, label %90, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %47 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 6 %48 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %47, i64 0, i32 0 %49 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %47, i64 0, i32 0, i32 0, i32 0 %50 = load volatile i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %62, label %52 %53 = phi i32 [ %60, %59 ], [ %50, %46 ] %54 = add i32 %53, 1 %55 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32 %54, i32* %49, i32 %53) #6, !srcloc !7 %56 = extractvalue { i8, i32 } %55, 0 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %62, !prof !8, !misexpect !9 %60 = extractvalue { i8, i32 } %55, 1 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %52 %63 = phi i32 [ 0, %46 ], [ %53, %52 ], [ 0, %59 ] %64 = add i32 %63, 1 %65 = or i32 %64, %63 %66 = icmp sgt i32 %65, -1 br i1 %66, label %68, label %67, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%union.anon.21* %48, i32 0) #69 br label %68 %69 = icmp eq i32 %63, 0 %70 = select i1 %69, %struct.i915_request.432980* null, %struct.i915_request.432980* %32 br i1 %69, label %90, label %71 %72 = load volatile i64, i64* %27, align 8 %73 = inttoptr i64 %72 to %struct.i915_request.432980* %74 = icmp eq %struct.i915_request.432980* %70, %73 br i1 %74, label %91, label %75 %92 = inttoptr i64 %31 to %struct.i915_request.432980* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %93 = icmp eq i64 %31, 0 br i1 %93, label %110, label %94 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %8, i64 %23) #69 br i1 %17, label %96, label %95 tail call void bitcast (void (%struct.i915_request.388092*)* @gen6_rps_boost to void (%struct.i915_request.432980*)*)(%struct.i915_request.432980* nonnull %92) #69 br label %96 %97 = tail call i64 bitcast (i64 (%struct.i915_request.434908*, i32, i64)* @i915_request_wait to i64 (%struct.i915_request.432980*, i32, i64)*)(%struct.i915_request.432980* nonnull %92, i32 %1, i64 %22) #69 %98 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32 -1, i32* %49) #6, !srcloc !11 %99 = icmp eq i32 %98, 1 br i1 %99, label %105, label %100 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @dma_fence_release(%struct.qspinlock* %47) #69 br label %106 %107 = icmp slt i64 %97, 0 br i1 %107, label %123, label %108 %109 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #69 br label %110 %111 = phi i64 [ %23, %90 ], [ %23, %91 ], [ %109, %108 ] %112 = phi %struct.intel_timeline.432983* [ %25, %90 ], [ %25, %91 ], [ %19, %108 ] %113 = phi i64 [ %22, %90 ], [ %22, %91 ], [ %97, %108 ] %114 = getelementptr inbounds %struct.intel_timeline.432983, %struct.intel_timeline.432983* %112, i64 0, i32 13, i32 0 %115 = bitcast %struct.list_head** %114 to i8** %116 = load i8*, i8** %115, align 8 %117 = bitcast i8* %116 to %struct.list_head* %118 = icmp eq %struct.list_head* %10, %117 br i1 %118, label %119, label %20 %120 = phi i64 [ %9, %7 ], [ %111, %110 ] %121 = phi i64 [ %2, %7 ], [ %113, %110 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %8, i64 %120) #69 %122 = icmp slt i64 %121, 0 br i1 %122, label %123, label %126 %127 = and i32 %1, 2 %128 = icmp eq i32 %127, 0 br i1 %128, label %131, label %129 %130 = tail call zeroext i1 bitcast (i1 (%struct.drm_i915_private.434902*)* @i915_retire_requests to i1 (%struct.drm_i915_private.433198*)*)(%struct.drm_i915_private.433198* %0) #69 Function:i915_retire_requests %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.434902, %struct.drm_i915_private.434902* %0, i64 0, i32 113, i32 5, i32 0, i32 0, i32 0 %7 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %6) #69 %8 = getelementptr inbounds %struct.drm_i915_private.434902, %struct.drm_i915_private.434902* %0, i64 0, i32 113, i32 5, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %98, label %13 %14 = getelementptr i8, i8* %10, i64 -152 %15 = bitcast i8* %14 to %struct.intel_timeline.434688* %16 = bitcast i8* %10 to i8** %17 = bitcast %struct.list_head* %2 to i64* br label %18 %19 = phi %struct.list_head* [ %11, %13 ], [ %96, %91 ] %20 = phi %struct.intel_timeline.434688* [ %15, %13 ], [ %93, %91 ] %21 = phi i8** [ %16, %13 ], [ %95, %91 ] %22 = phi i64 [ %7, %13 ], [ %92, %91 ] %23 = load i8*, i8** %21, align 8 %24 = getelementptr i8, i8* %23, i64 -152 %25 = bitcast i8* %24 to %struct.intel_timeline.434688* %26 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 2 %27 = call i32 @mutex_trylock(%struct.mutex* %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %91, label %29 %30 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 15 %31 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %30, i64 0, i32 0 %32 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %30, i64 0, i32 0, i32 0, i32 0 %33 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !4 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !5, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !7, !misexpect !6 %40 = phi i32 [ 2, %29 ], [ 1, %35 ] call void @refcount_warn_saturate(%union.anon.21* %31, i32 %40) #69 br label %41 %42 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 4 %43 = load i32, i32* %42, align 4 %44 = add i32 %43, 1 store i32 %44, i32* %42, align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %6, i64 %22) #69 %45 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 10 %46 = bitcast %struct.list_head* %45 to i8** %47 = load i8*, i8** %46, align 8 br label %48 %49 = phi i8* [ %47, %41 ], [ %54, %52 ] %50 = bitcast i8* %49 to %struct.list_head* %51 = icmp eq %struct.list_head* %45, %50 br i1 %51, label %58, label %52 %53 = bitcast i8* %49 to i8** %54 = load i8*, i8** %53, align 8 %55 = getelementptr i8, i8* %49, i64 -536 %56 = bitcast i8* %55 to %struct.i915_request.434908* %57 = call fastcc zeroext i1 @i915_request_retire(%struct.i915_request.434908* %56) #69 Function:i915_request_retire %2 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 0, i32 5 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 1 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %15 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_request_retire to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@i915_request_retire, %16)) #6 to label %38 [label %16], !srcloc !6 %39 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 23 %40 = load i32, i32* %39, align 8 %41 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 6 %42 = load %struct.intel_ring.434684*, %struct.intel_ring.434684** %41, align 8 %43 = getelementptr inbounds %struct.intel_ring.434684, %struct.intel_ring.434684* %42, i64 0, i32 4 store i32 %40, i32* %43, align 4 %44 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 29 %45 = bitcast %struct.list_head* %44 to i8** %46 = load i8*, i8** %45, align 8 %47 = bitcast i8* %46 to %struct.list_head* %48 = icmp eq %struct.list_head* %44, %47 br i1 %48, label %68, label %49 %50 = getelementptr i8, i8* %46, i64 -8 br label %51 %52 = phi i8* [ %55, %51 ], [ %46, %49 ] %53 = phi i8* [ %56, %51 ], [ %50, %49 ] %54 = bitcast i8* %52 to i8** %55 = load i8*, i8** %54, align 8 %56 = getelementptr i8, i8* %55, i64 -8 %57 = bitcast i8* %53 to %struct.i915_active_request.434686* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %56) #6, !srcloc !11 %58 = ptrtoint i8* %52 to i64 %59 = bitcast i8* %52 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds i8, i8* %53, i64 16 %61 = bitcast i8* %60 to i8** store i8* %52, i8** %61, align 8 %62 = bitcast i8* %53 to i64* store volatile i64 0, i64* %62, align 8 %63 = getelementptr inbounds i8, i8* %53, i64 24 %64 = bitcast i8* %63 to void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)** %65 = load void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)*, void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)** %64, align 8 tail call void %65(%struct.i915_active_request.434686* %57, %struct.i915_request.434908* %0) #69 %66 = bitcast i8* %55 to %struct.list_head* %67 = icmp eq %struct.list_head* %44, %66 br i1 %67, label %68, label %51 tail call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %69 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 4 %70 = bitcast %struct.intel_engine_cs.434707** %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.intel_engine_cs.434707* %73 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %72, i64 0, i32 18, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %73) #69 %74 = load volatile i64, i64* %70, align 8 %75 = inttoptr i64 %74 to %struct.intel_engine_cs.434707* %76 = icmp eq %struct.intel_engine_cs.434707* %72, %75 br i1 %76, label %86, label %77, !prof !13, !misexpect !14 %78 = phi %struct.intel_engine_cs.434707* [ %84, %77 ], [ %75, %68 ] %79 = phi %struct.intel_engine_cs.434707* [ %78, %77 ], [ %72, %68 ] %80 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %79, i64 0, i32 18, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %81 = bitcast %struct.spinlock* %80 to i8* store volatile i8 0, i8* %81, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %82 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %78, i64 0, i32 18, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %82) #69 %83 = load volatile i64, i64* %70, align 8 %84 = inttoptr i64 %83 to %struct.intel_engine_cs.434707* %85 = icmp eq %struct.intel_engine_cs.434707* %78, %84 br i1 %85, label %86, label %77, !prof !13, !misexpect !14 %87 = phi %struct.intel_engine_cs.434707* [ %72, %68 ], [ %78, %77 ] %88 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 16, i32 2, i32 1 %89 = load %struct.list_head*, %struct.list_head** %88, align 8 %90 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 16, i32 2, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 1 store %struct.list_head* %89, %struct.list_head** %92, align 8 %93 = ptrtoint %struct.list_head* %91 to i64 %94 = bitcast %struct.list_head* %89 to i64* store volatile i64 %93, i64* %94, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %90, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %88, align 8 %95 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %87, i64 0, i32 18, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %96 = bitcast %struct.spinlock* %95 to i8* store volatile i8 0, i8* %96, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %97 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 1 %98 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %97, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %98) #69 %99 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 0, i32 4 %100 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 19 %101 = bitcast i32** %100 to i64** store i64* %99, i64** %101, align 8 %102 = load volatile i64, i64* %2, align 8 %103 = and i64 %102, 1 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %108 %109 = load volatile i64, i64* %2, align 8 %110 = and i64 %109, 4 %111 = icmp eq i64 %110, 0 br i1 %111, label %113, label %112 %114 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 31 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 br i1 %117, label %122, label %118 %123 = load volatile i64, i64* %2, align 8 %124 = and i64 %123, 8 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %148 %127 = bitcast i64* %2 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %127, i8 8, i8* %127) #6, !srcloc !18 %128 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 13 %129 = bitcast %struct.list_head* %128 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.list_head* %132 = icmp eq %struct.list_head* %128, %131 %133 = inttoptr i64 %130 to %struct.execute_cb* br i1 %132, label %148, label %134 %135 = getelementptr inbounds %struct.execute_cb, %struct.execute_cb* %133, i64 0, i32 0 %136 = icmp eq %struct.list_head* %135, %128 br i1 %136, label %145, label %137 %138 = phi %struct.execute_cb* [ %142, %137 ], [ %133, %134 ] %139 = getelementptr inbounds %struct.execute_cb, %struct.execute_cb* %138, i64 0, i32 1 %140 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %139) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 p4_pmu_handle_irq ------------- Path:  Function:p4_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events.4110* %6 = load i32, i32* getelementptr inbounds (%struct.x86_pmu.4114, %struct.x86_pmu.4114* bitcast (%struct.x86_pmu* @x86_pmu to %struct.x86_pmu.4114*), i64 0, i32 18), align 4 %7 = icmp sgt i32 %6, 0 br i1 %7, label %8, label %102 %9 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 1, i64 0 %10 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %11 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %12 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 %14 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 2, i64 0 br label %15 %16 = phi i64 [ 0, %8 ], [ %95, %93 ] %17 = phi i32 [ 0, %8 ], [ %94, %93 ] %18 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %16) #6, !srcloc !5 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %26 %27 = getelementptr %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 0, i64 %16 %28 = load %struct.perf_event.4099*, %struct.perf_event.4099** %27, align 8 %29 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 0, i32 0, i32 5 %30 = load i32, i32* %29, align 4 %31 = zext i32 %30 to i64 %32 = icmp eq i64 %16, %31 br i1 %32, label %34, label %33, !prof !7, !misexpect !8 %35 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 0, i32 0, i32 2 %36 = load i64, i64* %35, align 8 %37 = trunc i64 %36 to i32 %38 = call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 %37) #6, !srcloc !11 %39 = extractvalue { i64, i64 } %38, 0 %40 = extractvalue { i64, i64 } %38, 1 %41 = shl i64 %40, 32 %42 = or i64 %41, %39 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %43)) #6 to label %44 [label %43], !srcloc !12 call void @do_trace_read_msr(i32 %37, i64 %42, i32 0) #69 br label %44 %45 = trunc i64 %39 to i32 %46 = icmp sgt i32 %45, -1 br i1 %46, label %56, label %47 %48 = load i64, i64* %35, align 8 %49 = trunc i64 %48 to i32 %50 = and i64 %42, -2147483649 %51 = trunc i64 %50 to i32 %52 = lshr i64 %42, 32 %53 = trunc i64 %52 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 %49, i32 %51, i32 %53) #6, !srcloc !13 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %54)) #6 to label %71 [label %54], !srcloc !12 call void @do_trace_write_msr(i32 %49, i64 %50, i32 0) #69 %55 = call i64 bitcast (i64 (%struct.perf_event*)* @x86_perf_event_update to i64 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %28) #69 br label %82 %83 = phi i32 [ 1, %54 ], [ 0, %75 ], [ %72, %71 ] %84 = add i32 %83, %17 %85 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 7 %86 = load i64, i64* %85, align 8 store i64 %86, i64* %10, align 8 store i64 0, i64* %11, align 32 store i64 84410401, i64* %12, align 16 store i64 0, i64* %13, align 8 %87 = call i32 bitcast (i32 (%struct.perf_event*)* @x86_perf_event_set_period to i32 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %28) #69 %88 = icmp eq i32 %87, 0 br i1 %88, label %93, label %89 %90 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.4099*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.4099* %28, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 knc_pmu_handle_irq ------------- Path:  Function:knc_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = alloca i64, align 8 %4 = bitcast %struct.perf_sample_data* %2 to i8* %5 = bitcast i64* %3 to i8* %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %7 = inttoptr i64 %6 to %struct.cpu_hw_events.4110* %8 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 47) #6, !srcloc !5 %9 = extractvalue { i64, i64 } %8, 0 %10 = extractvalue { i64, i64 } %8, 1 %11 = shl i64 %10, 32 %12 = or i64 %11, %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %13)) #6 to label %14 [label %13], !srcloc !6 tail call void @do_trace_read_msr(i32 47, i64 %12, i32 0) #69 br label %14 %15 = and i64 %12, -4 %16 = trunc i64 %15 to i32 %17 = lshr i64 %12, 32 %18 = trunc i64 %17 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 47, i32 %16, i32 %18) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %19)) #6 to label %20 [label %19], !srcloc !6 %21 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 45) #6, !srcloc !5 %22 = extractvalue { i64, i64 } %21, 0 %23 = extractvalue { i64, i64 } %21, 1 %24 = shl i64 %23, 32 %25 = or i64 %24, %22 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %26)) #6 to label %27 [label %26], !srcloc !6 store i64 %25, i64* %3, align 8 %28 = icmp eq i64 %25, 0 br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %7, i64 0, i32 1, i64 0 %31 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %32 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %33 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %34 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %48 %49 = phi i64 [ %99, %101 ], [ %25, %29 ] %50 = phi i32 [ %57, %101 ], [ 0, %29 ] %51 = phi i32 [ %94, %101 ], [ 0, %29 ] %52 = trunc i64 %49 to i32 %53 = lshr i64 %49, 32 %54 = trunc i64 %53 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 46, i32 %52, i32 %54) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %55)) #6 to label %56 [label %55], !srcloc !6 %57 = add nuw nsw i32 %50, 1 %58 = icmp eq i32 %50, 100 br i1 %58, label %59, label %63 call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9), i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9)) #6, !srcloc !12 %64 = call i64 @find_first_bit(i64* nonnull %3, i64 64) #69 %65 = trunc i64 %64 to i32 %66 = icmp slt i32 %65, 64 br i1 %66, label %67, label %93 %68 = phi i32 [ %74, %87 ], [ %51, %63 ] %69 = phi i64 [ %90, %87 ], [ %64, %63 ] %70 = shl i64 %69, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %7, i64 0, i32 0, i64 %71 %73 = load %struct.perf_event.4099*, %struct.perf_event.4099** %72, align 8 %74 = add i32 %68, 1 %75 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %71) #6, !srcloc !13 %76 = and i8 %75, 1 %77 = icmp eq i8 %76, 0 br i1 %77, label %87, label %78 %79 = call i32 bitcast (i32 (%struct.perf_event.5941*)* @intel_pmu_save_and_restart to i32 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %73) #69 %80 = icmp eq i32 %79, 0 br i1 %80, label %87, label %81 %82 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %73, i64 0, i32 26, i32 7 %83 = load i64, i64* %82, align 8 store i64 %83, i64* %31, align 8 store i64 0, i64* %32, align 32 store i64 84410401, i64* %33, align 16 store i64 0, i64* %34, align 8 %84 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.4099*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.4099* %73, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq 6 amd_pmu_handle_irq ------------- Path:  Function:amd_pmu_handle_irq %2 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %3 = inttoptr i64 %2 to %struct.cpu_hw_events.4110* %4 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %3, i64 0, i32 1, i64 0 %5 = tail call i32 @__bitmap_weight(i64* %4, i32 64) #69 %6 = tail call i32 @x86_pmu_handle_irq(%struct.pt_regs* %0) #69 Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 pm_runtime_set_autosuspend_delay 12 autosuspend_store ------------- Path:  Function:autosuspend_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.48570, i64 0, i64 0), i32* nonnull %5) #69 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void bitcast (void (%struct.device.515067*, i32)* @pm_runtime_set_autosuspend_delay to void (%struct.device.558672*, i32)*)(%struct.device.558672* %0, i32 %14) #70 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #69 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %22 %23 = icmp ne i16 %10, 0 %24 = icmp slt i32 %6, 0 %25 = and i1 %24, %23 br i1 %25, label %26, label %28 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !5 br label %28 %29 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %0, i32 8) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device.27509, %struct.device.27509* %0, i64 -1, i32 16 %7 = bitcast %struct.dma_map_ops.27502** %6 to %struct.pci_dev.291277* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #69 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.291277, %struct.pci_dev.291277* %7, i64 0, i32 31 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.291277* %7) #69 br label %22 %23 = call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.27509*, i32)*)(%struct.device.27509* %0, i32 0) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 blk_queue_enter 15 blk_mq_alloc_request 16 blk_get_request 17 bsg_ioctl ------------- Path:  Function:bsg_ioctl %4 = alloca %struct.sg_io_v4, align 8 %5 = getelementptr inbounds %struct.file.282634, %struct.file.282634* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.bsg_device** %7 = load %struct.bsg_device*, %struct.bsg_device** %6, align 8 %8 = inttoptr i64 %2 to i8* switch i32 %1, label %154 [ i32 8816, label %9 i32 8817, label %15 i32 8834, label %33 i32 21378, label %33 i32 21382, label %33 i32 8705, label %33 i32 8706, label %33 i32 8818, label %33 i32 8821, label %33 i32 8707, label %33 i32 8837, label %40 i32 1, label %147 ] %41 = getelementptr inbounds %struct.bsg_device, %struct.bsg_device* %7, i64 0, i32 0 %42 = load %struct.request_queue.282792*, %struct.request_queue.282792** %41, align 8 %43 = getelementptr inbounds %struct.file.282634, %struct.file.282634* %0, i64 0, i32 8 %44 = load i32, i32* %43, align 4 %45 = bitcast %struct.sg_io_v4* %4 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 160) #69 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %144 %49 = getelementptr inbounds %struct.request_queue.282792, %struct.request_queue.282792* %42, i64 0, i32 52, i32 0 %50 = load %struct.device.282731*, %struct.device.282731** %49, align 8 %51 = icmp eq %struct.device.282731* %50, null br i1 %51, label %144, label %52 %53 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 81 br i1 %55, label %56, label %144 %57 = getelementptr inbounds %struct.request_queue.282792, %struct.request_queue.282792* %42, i64 0, i32 52, i32 3 %58 = load %struct.bsg_ops.282790*, %struct.bsg_ops.282790** %57, align 8 %59 = getelementptr inbounds %struct.bsg_ops.282790, %struct.bsg_ops.282790* %58, i64 0, i32 0 %60 = load i32 (%struct.sg_io_v4*)*, i32 (%struct.sg_io_v4*)** %59, align 8 %61 = call i32 %60(%struct.sg_io_v4* nonnull %4) #69 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %144 %64 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 12 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 %67 = select i1 %66, i32 32, i32 33 %68 = call %struct.request.282762* bitcast (%struct.request.272936* (%struct.request_queue.272970*, i32, i32)* @blk_get_request to %struct.request.282762* (%struct.request_queue.282792*, i32, i32)*)(%struct.request_queue.282792* %42, i32 %67, i32 0) #69 Function:blk_get_request %4 = and i32 %1, 2097152 %5 = icmp eq i32 %4, 0 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = and i32 %2, -10 %9 = icmp eq i32 %8, 0 br i1 %9, label %11, label %10, !prof !4, !misexpect !5 %12 = tail call %struct.request.272936* @blk_mq_alloc_request(%struct.request_queue.272970* %0, i32 %1, i32 %2) #69 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.272937, align 8 %5 = bitcast %struct.blk_mq_alloc_data.272937* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.272937, %struct.blk_mq_alloc_data.272937* %4, i64 0, i32 1 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.272937, %struct.blk_mq_alloc_data.272937* %4, i64 0, i32 3 store i32 %1, i32* %7, align 8 %8 = tail call i32 @blk_queue_enter(%struct.request_queue.272970* %0, i32 %2) #69 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 8 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56, i32 1 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %6, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 15, i32 0 %10 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56, i32 2 %11 = and i32 %1, 1 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 51 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 21 %15 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 22 %16 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 54 br label %19 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = load volatile i64, i64* %7, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !6, !misexpect !7 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %29, label %28 %30 = load volatile i64, i64* %8, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !10, !misexpect !7 %33 = phi i64 [ %40, %39 ], [ %30, %29 ] %34 = add i64 %33, 1 %35 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 %34, i64* %8, i64 %33) #6, !srcloc !11 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %43, !prof !10, !misexpect !7 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !10, !misexpect !7 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %63 br i1 %12, label %64, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %65 = call i32 @_cond_resched() #69 %66 = load i32, i32* %13, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %81 %82 = load volatile i64, i64* %16, align 8 %83 = and i64 %82, 2 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %109 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %3, i32 0) #69 br label %86 %87 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %18, %struct.wait_queue_entry* nonnull %3, i32 2) #69 %88 = load i32, i32* %13, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %103 br i1 %5, label %91, label %108 %92 = load %struct.device.272894*, %struct.device.272894** %14, align 8 %93 = icmp eq %struct.device.272894* %92, null br i1 %93, label %100, label %94 %95 = load i32, i32* %15, align 8 %96 = and i32 %95, -2 %97 = icmp eq i32 %96, 2 br i1 %97, label %98, label %100 %99 = call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.272894*, i32)*)(%struct.device.272894* nonnull %92, i32 1) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 intel_runtime_pm_get 15 i915_forcewake_open ------------- Path:  Function:i915_forcewake_open %3 = getelementptr inbounds %struct.inode.379433, %struct.inode.379433* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.388303** %5 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 1, i32 1 %7 = load i8, i8* %6, align 2 %8 = icmp ult i8 %7, 6 br i1 %8, label %16, label %9 %10 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 111 %11 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %10) #69 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device.379499*, %struct.device.379499** %2, align 8 %4 = tail call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.379499*, i32)*)(%struct.device.379499* %3, i32 4) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __ia32_sys_timerfd_gettime32 ------------- Path:  Function:__ia32_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __x64_sys_timerfd_gettime32 ------------- Path:  Function:__x64_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.old_itimerspec32** %7 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __ia32_sys_timerfd_gettime ------------- Path:  Function:__ia32_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __x64_sys_timerfd_gettime ------------- Path:  Function:__x64_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.itimerspec64** %7 = load %struct.itimerspec64*, %struct.itimerspec64** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime32 ------------- Path:  Function:__ia32_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.old_itimerspec32* %15 = inttoptr i64 %13 to %struct.old_itimerspec32* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime32 ------------- Path:  Function:__x64_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.old_itimerspec32** %10 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %110, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call %struct.task_struct.138679* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.138679** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.138679**)) #10, !srcloc !4 %26 = bitcast i8** %24 to %struct.task_struct.138679** store %struct.task_struct.138679* %25, %struct.task_struct.138679** %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 0 store %struct.list_head* %28, %struct.list_head** %29, align 8 %30 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %28, %struct.list_head** %30, align 8 br label %31 %32 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %37 %38 = load %struct.list_head*, %struct.list_head** %30, align 8 %39 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 1 store %struct.list_head* %38, %struct.list_head** %41, align 8 %42 = ptrtoint %struct.list_head* %40 to i64 %43 = bitcast %struct.list_head* %38 to i64* store volatile i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.task_struct.138679, %struct.task_struct.138679* %25, i64 0, i32 1 store volatile i64 0, i64* %44, align 16 %45 = sext i32 %32 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %37 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %83 = bitcast %struct.timerfd_ctx* %8 to %struct.hrtimer* %84 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %85 = bitcast %struct.rb_node** %84 to %struct.hrtimer_clock_base** %86 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %85, align 8 %87 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %86, i64 0, i32 6 %88 = load i64 ()*, i64 ()** %87, align 16 %89 = call i64 %88() #69 %90 = call i64 @hrtimer_forward(%struct.hrtimer* %83, i64 %89, i64 %70) #69 %91 = add i64 %62, -1 %92 = add i64 %91, %90 %93 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 0, i32 1 %96 = load i64, i64* %95, align 8 %97 = sub i64 %96, %94 call void @hrtimer_start_range_ns(%struct.hrtimer* %83, i64 %94, i64 %97, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %5 to i32 %13 = inttoptr i64 %11 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = icmp eq i64 %8, 0 br i1 %16, label %21, label %17 br label %22 %23 = icmp ne i64 %11, 0 %24 = select i1 %23, %struct.itimerspec64* %3, %struct.itimerspec64* null %25 = call i32 @do_setitimer(i32 %12, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* %24) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __se_sys_setitimer 11 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_setitimer %4 = alloca %struct.itimerspec64, align 8 %5 = alloca %struct.itimerspec64, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.itimerspec64* %4 to i8* %8 = bitcast %struct.itimerspec64* %5 to i8* %9 = icmp eq i64 %1, 0 br i1 %9, label %14, label %10 %15 = load i1, i1* @__do_sys_setitimer.__print_once, align 1 br i1 %15, label %20, label %16 store i1 true, i1* @__do_sys_setitimer.__print_once, align 1 %17 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %17, i64 0, i32 80, i64 0 %19 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.8999, i64 0, i64 0), i8* %18) #70 br label %20 %21 = icmp ne i64 %2, 0 %22 = select i1 %21, %struct.itimerspec64* %5, %struct.itimerspec64* null %23 = call i32 @do_setitimer(i32 %6, %struct.itimerspec64* nonnull %4, %struct.itimerspec64* %22) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __se_sys_setitimer 11 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_setitimer %4 = alloca %struct.itimerspec64, align 8 %5 = alloca %struct.itimerspec64, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.itimerspec64* %4 to i8* %8 = bitcast %struct.itimerspec64* %5 to i8* %9 = icmp eq i64 %1, 0 br i1 %9, label %14, label %10 %15 = load i1, i1* @__do_sys_setitimer.__print_once, align 1 br i1 %15, label %20, label %16 store i1 true, i1* @__do_sys_setitimer.__print_once, align 1 %17 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %17, i64 0, i32 80, i64 0 %19 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.8999, i64 0, i64 0), i8* %18) #70 br label %20 %21 = icmp ne i64 %2, 0 %22 = select i1 %21, %struct.itimerspec64* %5, %struct.itimerspec64* null %23 = call i32 @do_setitimer(i32 %6, %struct.itimerspec64* nonnull %4, %struct.itimerspec64* %22) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.itimerspec64* %2 to i8* %8 = bitcast %struct.itimerspec64* %3 to i8* %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call i32 @do_setitimer(i32 0, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.itimerspec64* %2 to i8* %7 = bitcast %struct.itimerspec64* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call i32 @do_setitimer(i32 0, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep_time32 ------------- Path:  Function:__ia32_sys_nanosleep_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %8 to %struct.util_est* %10 = bitcast %struct.anon.54* %2 to i8* %11 = inttoptr i64 %5 to i8* %12 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* %11) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp eq i64 %8, 0 %24 = select i1 %23, i32 0, i32 2 %25 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1 %27 = bitcast %union.anon.30* %26 to %struct.anon.27.79146* %28 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.util_est** store %struct.util_est* %9, %struct.util_est** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep_time32 ------------- Path:  Function:__x64_sys_nanosleep_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.util_est* %9 = bitcast %struct.anon.54* %2 to i8* %10 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp eq i64 %7, 0 %22 = select i1 %21, i32 0, i32 2 %23 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1 %25 = bitcast %union.anon.30* %24 to %struct.anon.27.79146* %26 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.util_est** store %struct.util_est* %8, %struct.util_est** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to %struct.anon.54* %10 = inttoptr i64 %8 to %struct.anon.54* %11 = bitcast %struct.anon.54* %2 to i8* %12 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* %9) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp ne i64 %8, 0 %24 = zext i1 %23 to i32 %25 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1 %27 = bitcast %union.anon.30* %26 to %struct.anon.27.79146* %28 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.anon.54** store %struct.anon.54* %10, %struct.anon.54** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to %struct.anon.54** %5 = load %struct.anon.54*, %struct.anon.54** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.54* %9 = bitcast %struct.anon.54* %2 to i8* %10 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp ne i64 %7, 0 %22 = zext i1 %21 to i32 %23 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1 %25 = bitcast %union.anon.30* %24 to %struct.anon.27.79146* %26 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.anon.54** store %struct.anon.54* %8, %struct.anon.54** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 hrtimer_sleeper_start_expires 10 blk_poll 11 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr %struct.inode.112777, %struct.inode.112777* %8, i64 -1, i32 40 %10 = getelementptr inbounds %struct.file_lock_context*, %struct.file_lock_context** %9, i64 16 %11 = bitcast %struct.file_lock_context** %10 to %struct.gendisk.112631** %12 = load %struct.gendisk.112631*, %struct.gendisk.112631** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.112631, %struct.gendisk.112631* %12, i64 0, i32 10 %14 = load %struct.request_queue.112608*, %struct.request_queue.112608** %13, align 8 %15 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 7 %16 = load volatile i32, i32* %15, align 4 %17 = tail call i32 bitcast (i32 (%struct.request_queue.272970*, i32, i1)* @blk_poll to i32 (%struct.request_queue.112608*, i32, i1)*)(%struct.request_queue.112608* %14, i32 %16, i1 zeroext %1) #69 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.277443, align 8 %5 = alloca i64, align 8 %6 = icmp ult i32 %1, -2 br i1 %6, label %7, label %180 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 65536 %11 = icmp eq i64 %10, 0 br i1 %11, label %180, label %12 %13 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 111 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 8 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 10 %20 = load %struct.blk_mq_hw_ctx.272919**, %struct.blk_mq_hw_ctx.272919*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %24, align 8 %26 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 30 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 br i1 %28, label %131, label %29 %30 = icmp slt i32 %1, 0 br i1 %30, label %46, label %31 %47 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %25, i64 0, i32 20 %48 = load %struct.blk_mq_tags.272914*, %struct.blk_mq_tags.272914** %47, align 64 %49 = and i32 %1, 65535 %50 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 0 %51 = load i32, i32* %50, align 8 %52 = icmp ugt i32 %51, %49 br i1 %52, label %53, label %131 %54 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 5 %55 = load %struct.request.272936**, %struct.request.272936*** %54, align 8 %56 = zext i32 %49 to i64 %57 = getelementptr %struct.request.272936*, %struct.request.272936** %55, i64 %56 %58 = bitcast %struct.request.272936** %57 to i8** %59 = load i8*, i8** %58, align 8 %60 = bitcast i8* %59 to %struct.request.272936* %61 = icmp eq i8* %59, null br i1 %61, label %131, label %62 %63 = phi %struct.request.272936* [ %60, %53 ], [ %45, %38 ], [ null, %31 ] %64 = bitcast %struct.hrtimer_sleeper.277443* %4 to i8* %65 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %63, i64 0, i32 4 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1048576 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %129 %70 = icmp sgt i32 %27, 0 br i1 %70, label %97, label %71 %72 = load volatile i64, i64* %8, align 8 %73 = and i64 %72, 2097152 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %80 %76 = tail call zeroext i1 @blk_queue_flag_test_and_set(i32 21, %struct.request_queue.272970* %0) #69 br i1 %76, label %80, label %77 %81 = tail call i32 @blk_mq_poll_stats_bkt(%struct.request.272936* %63) #69 %82 = icmp slt i32 %81, 0 br i1 %82, label %129, label %83 %84 = zext i32 %81 to i64 %85 = getelementptr %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 32, i64 %84, i32 3 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, 0 br i1 %87, label %129, label %88 %89 = getelementptr %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 32, i64 %84, i32 0 %90 = load i64, i64* %89, align 8 %91 = add i64 %90, 1 %92 = lshr i64 %91, 1 %93 = trunc i64 %92 to i32 %94 = icmp eq i32 %93, 0 br i1 %94, label %129, label %95 %96 = load i32, i32* %65, align 4 br label %97 %98 = phi i32 [ %96, %95 ], [ %66, %69 ] %99 = phi i32 [ %93, %95 ], [ %27, %69 ] %100 = or i32 %98, 1048576 store i32 %100, i32* %65, align 4 %101 = zext i32 %99 to i64 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.277443*, i32, i32)*)(%struct.hrtimer_sleeper.277443* nonnull %4, i32 1, i32 1) #69 %102 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0 %103 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0, i32 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0, i32 1 store i64 %101, i64* %104, align 8 %105 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %63, i64 0, i32 24 %106 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 1 %107 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 0, i32 0 %108 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 1 %109 = bitcast i64* %5 to i8* br label %110 %111 = phi i32 [ 1, %97 ], [ 0, %125 ] %112 = load volatile i32, i32* %105, align 4 %113 = icmp eq i32 %112, 2 br i1 %113, label %130, label %114 store volatile i64 2, i64* %5, align 8 %115 = load volatile i64, i64* %5, align 8 %116 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %108, i64 %115, i64* %108) #6, !srcloc !5 store volatile i64 %116, i64* %5, align 8 %117 = load volatile i64, i64* %5, align 8 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32)* @hrtimer_sleeper_start_expires to void (%struct.hrtimer_sleeper.277443*, i32)*)(%struct.hrtimer_sleeper.277443* nonnull %4, i32 %111) #69 Function:hrtimer_sleeper_start_expires %3 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %4 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %3, i64 %5, i64 %8, i32 %1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive_time32 ------------- Path:  Function:__ia32_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive_time32 ------------- Path:  Function:__x64_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %35 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %35, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %35 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = and i64 %9, 4294967295 %33 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %32, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.54* %24 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.54* %20 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %19) #69 %21 = icmp eq %struct.task_struct.43108* %20, null br i1 %21, label %85, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %20, i1 zeroext %33) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.43108* %11, null br i1 %12, label %72, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.43108* %11, null br i1 %12, label %72, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_compat_sys_epoll_pwait ------------- Path:  Function:__ia32_compat_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %12 to %struct.kernel_cap_struct* %17 = tail call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %16, i64 %15) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 %20 = and i64 %5, 4294967295 %21 = trunc i64 %9 to i32 %22 = trunc i64 %7 to i32 %23 = inttoptr i64 %20 to %struct.epoll_event* %24 = trunc i64 %3 to i32 %25 = tail call fastcc i32 @do_epoll_wait(i32 %24, %struct.epoll_event* %23, i32 %22, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_pwait ------------- Path:  Function:__ia32_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %12 to %struct.cpumask* %17 = tail call i32 @set_user_sigmask(%struct.cpumask* %16, i64 %15) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 %20 = and i64 %5, 4294967295 %21 = trunc i64 %9 to i32 %22 = trunc i64 %7 to i32 %23 = inttoptr i64 %20 to %struct.epoll_event* %24 = trunc i64 %3 to i32 %25 = tail call fastcc i32 @do_epoll_wait(i32 %24, %struct.epoll_event* %23, i32 %22, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_pwait ------------- Path:  Function:__x64_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.cpumask** %13 = load %struct.cpumask*, %struct.cpumask** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = tail call i32 @set_user_sigmask(%struct.cpumask* %13, i64 %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %39 %19 = trunc i64 %10 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %3 to i32 %22 = tail call fastcc i32 @do_epoll_wait(i32 %21, %struct.epoll_event* %6, i32 %20, i32 %19) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_wait ------------- Path:  Function:__ia32_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.epoll_event* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %12, i32 %13, i32 %14) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_wait ------------- Path:  Function:__x64_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %6, i32 %12, i32 %13) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll_time64 ------------- Path:  Function:__ia32_compat_sys_ppoll_time64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = inttoptr i64 %6 to %struct.perf_event_header* %19 = trunc i64 %8 to i32 %20 = inttoptr i64 %14 to %struct.kernel_cap_struct* %21 = bitcast %struct.anon.54* %2 to i8* %22 = bitcast %struct.anon.54* %3 to i8* %23 = icmp eq i64 %11, 0 br i1 %23, label %48, label %24 %25 = inttoptr i64 %11 to %struct.anon.54* %26 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %59 %29 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %30, -1 %34 = icmp ult i64 %32, 1000000000 %35 = and i1 %33, %34 br i1 %35, label %36, label %59 %37 = or i64 %32, %30 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %40 call void @ktime_get_ts64(%struct.anon.54* nonnull %3) #69 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %44 = load i64, i64* %43, align 8 %45 = call { i64, i64 } @timespec64_add_safe(i64 %42, i64 %44, i64 %30, i64 %32) #69 %46 = extractvalue { i64, i64 } %45, 0 %47 = extractvalue { i64, i64 } %45, 1 store i64 %46, i64* %41, align 8 store i64 %47, i64* %43, align 8 br label %48 %49 = phi %struct.anon.54* [ null, %1 ], [ %3, %40 ], [ %3, %39 ] %50 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %20, i64 %17) #69 %51 = icmp eq i32 %50, 0 br i1 %51, label %54, label %52 %55 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %18, i32 %19, %struct.anon.54* %49) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll_time32 ------------- Path:  Function:__ia32_compat_sys_ppoll_time32 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = inttoptr i64 %6 to %struct.perf_event_header* %19 = trunc i64 %8 to i32 %20 = inttoptr i64 %14 to %struct.kernel_cap_struct* %21 = bitcast %struct.anon.54* %2 to i8* %22 = bitcast %struct.anon.54* %3 to i8* %23 = icmp eq i64 %11, 0 br i1 %23, label %48, label %24 %25 = inttoptr i64 %11 to i8* %26 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %59 %29 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %30, -1 %34 = icmp ult i64 %32, 1000000000 %35 = and i1 %33, %34 br i1 %35, label %36, label %59 %37 = or i64 %32, %30 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %40 call void @ktime_get_ts64(%struct.anon.54* nonnull %3) #69 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %44 = load i64, i64* %43, align 8 %45 = call { i64, i64 } @timespec64_add_safe(i64 %42, i64 %44, i64 %30, i64 %32) #69 %46 = extractvalue { i64, i64 } %45, 0 %47 = extractvalue { i64, i64 } %45, 1 store i64 %46, i64* %41, align 8 store i64 %47, i64* %43, align 8 br label %48 %49 = phi %struct.anon.54* [ null, %1 ], [ %3, %40 ], [ %3, %39 ] %50 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %20, i64 %17) #69 %51 = icmp eq i32 %50, 0 br i1 %51, label %54, label %52 %55 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %18, i32 %19, %struct.anon.54* %49) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __ia32_sys_ppoll ------------- Path:  Function:__ia32_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_ppoll(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = inttoptr i64 %0 to %struct.perf_event_header* %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %3 to %struct.cpumask* %11 = bitcast %struct.anon.54* %6 to i8* %12 = bitcast %struct.anon.54* %7 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %38, label %14 %15 = inttoptr i64 %2 to %struct.anon.54* %16 = call i32 @get_timespec64(%struct.anon.54* nonnull %6, %struct.anon.54* nonnull %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp sgt i64 %20, -1 %24 = icmp ult i64 %22, 1000000000 %25 = and i1 %23, %24 br i1 %25, label %26, label %49 %27 = or i64 %22, %20 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %30 call void @ktime_get_ts64(%struct.anon.54* nonnull %7) #69 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %34 = load i64, i64* %33, align 8 %35 = call { i64, i64 } @timespec64_add_safe(i64 %32, i64 %34, i64 %20, i64 %22) #69 %36 = extractvalue { i64, i64 } %35, 0 %37 = extractvalue { i64, i64 } %35, 1 store i64 %36, i64* %31, align 8 store i64 %37, i64* %33, align 8 br label %38 %39 = phi %struct.anon.54* [ null, %5 ], [ %7, %30 ], [ %7, %29 ] %40 = call i32 @set_user_sigmask(%struct.cpumask* %10, i64 %4) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %8, i32 %9, %struct.anon.54* %39) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __x64_sys_ppoll ------------- Path:  Function:__x64_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_ppoll(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = inttoptr i64 %0 to %struct.perf_event_header* %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %3 to %struct.cpumask* %11 = bitcast %struct.anon.54* %6 to i8* %12 = bitcast %struct.anon.54* %7 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %38, label %14 %15 = inttoptr i64 %2 to %struct.anon.54* %16 = call i32 @get_timespec64(%struct.anon.54* nonnull %6, %struct.anon.54* nonnull %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp sgt i64 %20, -1 %24 = icmp ult i64 %22, 1000000000 %25 = and i1 %23, %24 br i1 %25, label %26, label %49 %27 = or i64 %22, %20 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %30 call void @ktime_get_ts64(%struct.anon.54* nonnull %7) #69 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %34 = load i64, i64* %33, align 8 %35 = call { i64, i64 } @timespec64_add_safe(i64 %32, i64 %34, i64 %20, i64 %22) #69 %36 = extractvalue { i64, i64 } %35, 0 %37 = extractvalue { i64, i64 } %35, 1 store i64 %36, i64* %31, align 8 store i64 %37, i64* %33, align 8 br label %38 %39 = phi %struct.anon.54* [ null, %5 ], [ %7, %30 ], [ %7, %29 ] %40 = call i32 @set_user_sigmask(%struct.cpumask* %10, i64 %4) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %8, i32 %9, %struct.anon.54* %39) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.54* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.54* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.54* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.54* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.54* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.54* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 do_compat_pselect 14 __ia32_compat_sys_pselect6_time32 ------------- Path:  Function:__ia32_compat_sys_pselect6_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to i32* %21 = inttoptr i64 %9 to i32* %22 = inttoptr i64 %12 to i32* %23 = inttoptr i64 %18 to i8* %24 = icmp eq i64 %18, 0 br i1 %24, label %45, label %25 %26 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %26, i64 0, i32 163, i32 17, i32 0 %28 = load i64, i64* %27, align 8 %29 = add i64 %28, -8 %30 = icmp ult i64 %29, %18 br i1 %30, label %52, label %31, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %32 = inttoptr i64 %18 to %struct.__large_struct* %33 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %32, i32 -14, i32 0) #6, !srcloc !9 %34 = extractvalue { i32, i64 } %33, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %52, !prof !11, !misexpect !12 %37 = extractvalue { i32, i64 } %33, 1 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %38 = getelementptr i8, i8* %23, i64 4 %39 = bitcast i8* %38 to %struct.__large_struct* %40 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %39, i32 -14, i32 0) #6, !srcloc !14 %41 = extractvalue { i32, i64 } %40, 1 %42 = extractvalue { i32, i64 } %40, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %43 = trunc i64 %41 to i32 %44 = icmp eq i32 %42, 0 br i1 %44, label %45, label %52, !prof !11, !misexpect !12 %46 = phi i64 [ %37, %36 ], [ 0, %1 ] %47 = phi i32 [ %43, %36 ], [ 0, %1 ] %48 = inttoptr i64 %15 to i8* %49 = and i64 %46, 4294967295 %50 = inttoptr i64 %49 to %struct.kernel_cap_struct* %51 = tail call fastcc i64 @do_compat_pselect(i32 %19, i32* %20, i32* %21, i32* %22, i8* %48, %struct.kernel_cap_struct* %50, i32 %47, i32 3) #69 Function:do_compat_pselect %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.anon.54* %9 to i8* %12 = bitcast %struct.anon.54* %10 to i8* %13 = icmp eq i8* %4, null br i1 %13, label %43, label %14 switch i32 %7, label %22 [ i32 3, label %15 i32 2, label %18 ] %16 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %9, i8* nonnull %4) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %54 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %54 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 br label %43 %44 = phi %struct.anon.54* [ null, %8 ], [ %10, %35 ], [ %10, %34 ] %45 = zext i32 %6 to i64 %46 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %5, i64 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %50, label %48 %51 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.anon.54* %44) #70 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 do_compat_pselect 14 __ia32_compat_sys_pselect6_time64 ------------- Path:  Function:__ia32_compat_sys_pselect6_time64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to i32* %21 = inttoptr i64 %9 to i32* %22 = inttoptr i64 %12 to i32* %23 = inttoptr i64 %18 to i8* %24 = icmp eq i64 %18, 0 br i1 %24, label %45, label %25 %26 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %26, i64 0, i32 163, i32 17, i32 0 %28 = load i64, i64* %27, align 8 %29 = add i64 %28, -8 %30 = icmp ult i64 %29, %18 br i1 %30, label %52, label %31, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %32 = inttoptr i64 %18 to %struct.__large_struct* %33 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %32, i32 -14, i32 0) #6, !srcloc !9 %34 = extractvalue { i32, i64 } %33, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %52, !prof !11, !misexpect !12 %37 = extractvalue { i32, i64 } %33, 1 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %38 = getelementptr i8, i8* %23, i64 4 %39 = bitcast i8* %38 to %struct.__large_struct* %40 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %39, i32 -14, i32 0) #6, !srcloc !14 %41 = extractvalue { i32, i64 } %40, 1 %42 = extractvalue { i32, i64 } %40, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %43 = trunc i64 %41 to i32 %44 = icmp eq i32 %42, 0 br i1 %44, label %45, label %52, !prof !11, !misexpect !12 %46 = phi i64 [ %37, %36 ], [ 0, %1 ] %47 = phi i32 [ %43, %36 ], [ 0, %1 ] %48 = inttoptr i64 %15 to i8* %49 = and i64 %46, 4294967295 %50 = inttoptr i64 %49 to %struct.kernel_cap_struct* %51 = tail call fastcc i64 @do_compat_pselect(i32 %19, i32* %20, i32* %21, i32* %22, i8* %48, %struct.kernel_cap_struct* %50, i32 %47, i32 2) #69 Function:do_compat_pselect %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.anon.54* %9 to i8* %12 = bitcast %struct.anon.54* %10 to i8* %13 = icmp eq i8* %4, null br i1 %13, label %43, label %14 switch i32 %7, label %22 [ i32 3, label %15 i32 2, label %18 ] %16 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %9, i8* nonnull %4) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %54 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %54 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 br label %43 %44 = phi %struct.anon.54* [ null, %8 ], [ %10, %35 ], [ %10, %34 ] %45 = zext i32 %6 to i64 %46 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %5, i64 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %50, label %48 %51 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.anon.54* %44) #70 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #69 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.anon.54* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 = and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.anon.54* nonnull %2) #69 %56 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #69 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* %58, align 8 br label %63 %64 = phi %struct.anon.54* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.anon.54* %64) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.anon.54* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.anon.54* nonnull %2) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi %struct.anon.54* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.anon.54* %56) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __ia32_sys_pselect6 ------------- Path:  Function:__ia32_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_pselect6(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.tcp_mib* %11 = inttoptr i64 %2 to %struct.tcp_mib* %12 = inttoptr i64 %3 to %struct.tcp_mib* %13 = inttoptr i64 %4 to %struct.anon.54* %14 = inttoptr i64 %5 to i8* %15 = icmp eq i64 %5, 0 br i1 %15, label %36, label %16 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 163, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = add i64 %19, -16 %21 = icmp ult i64 %20, %5 br i1 %21, label %78, label %22, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %23 = inttoptr i64 %5 to %struct.__large_struct* %24 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %23, i32 -14, i32 0) #6, !srcloc !9 %25 = extractvalue { i32, i64 } %24, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %78, !prof !11, !misexpect !12 %28 = extractvalue { i32, i64 } %24, 1 %29 = inttoptr i64 %28 to %struct.cpumask* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %30 = getelementptr i8, i8* %14, i64 8 %31 = bitcast i8* %30 to %struct.__large_struct* %32 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %31, i32 -14, i32 0) #6, !srcloc !14 %33 = extractvalue { i32, i64 } %32, 1 %34 = extractvalue { i32, i64 } %32, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %78, !prof !11, !misexpect !12 %37 = phi %struct.cpumask* [ %29, %27 ], [ null, %6 ] %38 = phi i64 [ %33, %27 ], [ 0, %6 ] %39 = inttoptr i64 %4 to i8* %40 = bitcast %struct.anon.54* %7 to i8* %41 = bitcast %struct.anon.54* %8 to i8* %42 = icmp eq i64 %4, 0 br i1 %42, label %66, label %43 %44 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %13) #69 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %76 %47 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp sgt i64 %48, -1 %52 = icmp ult i64 %50, 1000000000 %53 = and i1 %51, %52 br i1 %53, label %54, label %76 %55 = or i64 %50, %48 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 call void @ktime_get_ts64(%struct.anon.54* nonnull %8) #69 %59 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %60 = load i64, i64* %59, align 8 %61 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %62 = load i64, i64* %61, align 8 %63 = call { i64, i64 } @timespec64_add_safe(i64 %60, i64 %62, i64 %48, i64 %50) #69 %64 = extractvalue { i64, i64 } %63, 0 %65 = extractvalue { i64, i64 } %63, 1 store i64 %64, i64* %59, align 8 store i64 %65, i64* %61, align 8 br label %66 %67 = phi %struct.anon.54* [ null, %36 ], [ %8, %58 ], [ %8, %57 ] %68 = call i32 @set_user_sigmask(%struct.cpumask* %37, i64 %38) #69 %69 = icmp eq i32 %68, 0 br i1 %69, label %72, label %70 %73 = call i32 @core_sys_select(i32 %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.tcp_mib* %12, %struct.anon.54* %67) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __x64_sys_pselect6 ------------- Path:  Function:__x64_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_pselect6(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.tcp_mib* %11 = inttoptr i64 %2 to %struct.tcp_mib* %12 = inttoptr i64 %3 to %struct.tcp_mib* %13 = inttoptr i64 %4 to %struct.anon.54* %14 = inttoptr i64 %5 to i8* %15 = icmp eq i64 %5, 0 br i1 %15, label %36, label %16 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 163, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = add i64 %19, -16 %21 = icmp ult i64 %20, %5 br i1 %21, label %78, label %22, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %23 = inttoptr i64 %5 to %struct.__large_struct* %24 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %23, i32 -14, i32 0) #6, !srcloc !9 %25 = extractvalue { i32, i64 } %24, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %78, !prof !11, !misexpect !12 %28 = extractvalue { i32, i64 } %24, 1 %29 = inttoptr i64 %28 to %struct.cpumask* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %30 = getelementptr i8, i8* %14, i64 8 %31 = bitcast i8* %30 to %struct.__large_struct* %32 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %31, i32 -14, i32 0) #6, !srcloc !14 %33 = extractvalue { i32, i64 } %32, 1 %34 = extractvalue { i32, i64 } %32, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %78, !prof !11, !misexpect !12 %37 = phi %struct.cpumask* [ %29, %27 ], [ null, %6 ] %38 = phi i64 [ %33, %27 ], [ 0, %6 ] %39 = inttoptr i64 %4 to i8* %40 = bitcast %struct.anon.54* %7 to i8* %41 = bitcast %struct.anon.54* %8 to i8* %42 = icmp eq i64 %4, 0 br i1 %42, label %66, label %43 %44 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %13) #69 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %76 %47 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp sgt i64 %48, -1 %52 = icmp ult i64 %50, 1000000000 %53 = and i1 %51, %52 br i1 %53, label %54, label %76 %55 = or i64 %50, %48 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 call void @ktime_get_ts64(%struct.anon.54* nonnull %8) #69 %59 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %60 = load i64, i64* %59, align 8 %61 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %62 = load i64, i64* %61, align 8 %63 = call { i64, i64 } @timespec64_add_safe(i64 %60, i64 %62, i64 %48, i64 %50) #69 %64 = extractvalue { i64, i64 } %63, 0 %65 = extractvalue { i64, i64 } %63, 1 store i64 %64, i64* %59, align 8 store i64 %65, i64* %61, align 8 br label %66 %67 = phi %struct.anon.54* [ null, %36 ], [ %8, %58 ], [ %8, %57 ] %68 = call i32 @set_user_sigmask(%struct.cpumask* %37, i64 %38) #69 %69 = icmp eq i32 %68, 0 br i1 %69, label %72, label %70 %73 = call i32 @core_sys_select(i32 %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.tcp_mib* %12, %struct.anon.54* %67) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_select %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.54* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.54* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_select %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.54* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.54* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 alarm_try_to_cancel 9 alarm_cancel 10 timerfd_release ------------- Path:  Function:timerfd_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %9 = load i8, i8* %8, align 4, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %19, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = bitcast %struct.spinlock* %6 to i8* store volatile i8 0, i8* %20, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %22 = load i32, i32* %21, align 8 %23 = and i32 %22, -2 %24 = icmp eq i32 %23, 8 br i1 %24, label %25, label %28 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %27 = tail call i32 @alarm_cancel(%struct.alarm* %26) #69 Function:alarm_cancel %2 = tail call i32 @alarm_try_to_cancel(%struct.alarm* %0) #69 %3 = icmp sgt i32 %2, -1 br i1 %3, label %7, label %4 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call i32 @alarm_try_to_cancel(%struct.alarm* %0) #69 Function:alarm_try_to_cancel %2 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %3 = load i32, i32* %2, align 8 %4 = zext i32 %3 to i64 %5 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %4, i32 0, i32 0, i32 0 %6 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %5) #69 %7 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1 %8 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %86 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !7 br label %87 %88 = phi %struct.task_struct.54204* [ %84, %83 ], [ %86, %85 ] %89 = icmp eq %struct.task_struct.54204* %88, null br i1 %89, label %113, label %90, !prof !8, !misexpect !9 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %88, i64 0, i32 3 %92 = getelementptr inbounds %union.anon.21, %union.anon.21* %91, i64 0, i32 0, i32 0 %93 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %92, i32 1, i32* %92) #6, !srcloc !10 %94 = icmp eq i32 %93, 0 br i1 %94, label %99, label %95, !prof !8, !misexpect !11 %96 = add i32 %93, 1 %97 = or i32 %96, %93 %98 = icmp sgt i32 %97, -1 br i1 %98, label %101, label %99, !prof !12, !misexpect !11 %100 = phi i32 [ 2, %90 ], [ 1, %95 ] call void @refcount_warn_saturate(%union.anon.21* %91, i32 %100) #69 br label %101 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %102 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %88, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %86 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !7 br label %87 %88 = phi %struct.task_struct.54204* [ %84, %83 ], [ %86, %85 ] %89 = icmp eq %struct.task_struct.54204* %88, null br i1 %89, label %113, label %90, !prof !8, !misexpect !9 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %88, i64 0, i32 3 %92 = getelementptr inbounds %union.anon.21, %union.anon.21* %91, i64 0, i32 0, i32 0 %93 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %92, i32 1, i32* %92) #6, !srcloc !10 %94 = icmp eq i32 %93, 0 br i1 %94, label %99, label %95, !prof !8, !misexpect !11 %96 = add i32 %93, 1 %97 = or i32 %96, %93 %98 = icmp sgt i32 %97, -1 br i1 %98, label %101, label %99, !prof !12, !misexpect !11 %100 = phi i32 [ 2, %90 ], [ 1, %95 ] call void @refcount_warn_saturate(%union.anon.21* %91, i32 %100) #69 br label %101 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %102 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %88, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_compat_sys_waitid 12 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_sys_waitid 12 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_sys_waitid 12 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 __pm_pr_dbg 4 pm_print_active_wakeup_sources 5 pm_get_wakeup_count 6 wakeup_count_show ------------- Path:  Function:wakeup_count_show %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call zeroext i1 @pm_get_wakeup_count(i32* nonnull %4, i1 zeroext true) #69 Function:pm_get_wakeup_count %3 = alloca %struct.wait_queue_entry, align 8 br i1 %1, label %4, label %27 %5 = bitcast %struct.wait_queue_entry* %3 to i8* %6 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 store i32 0, i32* %6, align 8 %7 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %8 = tail call %struct.task_struct.516063* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.516063** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.516063**)) #10, !srcloc !4 %9 = bitcast i8** %7 to %struct.task_struct.516063** store %struct.task_struct.516063* %8, %struct.task_struct.516063** %9, align 8 %10 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = getelementptr inbounds %struct.task_struct.516063, %struct.task_struct.516063* %8, i64 0, i32 0, i32 0 call void @prepare_to_wait(%struct.wait_queue_head* nonnull @wakeup_count_wait_queue, %struct.wait_queue_entry* nonnull %3, i32 1) #69 %15 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @combined_event_count, i64 0, i32 0), align 4 %16 = and i32 %15, 65535 %17 = icmp eq i32 %16, 0 br i1 %17, label %26, label %18 %19 = load volatile i64, i64* %14, align 8 %20 = and i64 %19, 4 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 call void @pm_print_active_wakeup_sources() #70 Function:pm_print_active_wakeup_sources %1 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @wakeup_srcu) #69 %2 = load volatile i64, i64* bitcast (%struct.list_head* @wakeup_sources to i64*), align 8 %3 = inttoptr i64 %2 to i8* %4 = icmp eq i8* %3, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %4, label %45, label %5 %6 = phi i8* [ %37, %31 ], [ %3, %0 ] %7 = phi i64 [ %36, %31 ], [ %2, %0 ] %8 = phi i32 [ %34, %31 ], [ 0, %0 ] %9 = phi %struct.wakeup_source.516196* [ %32, %31 ], [ null, %0 ] %10 = getelementptr i8, i8* %6, i64 -16 %11 = bitcast i8* %10 to %struct.wakeup_source.516196* %12 = getelementptr i8, i8* %6, i64 168 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %19, label %16 %20 = icmp eq i32 %8, 0 br i1 %20, label %21, label %31 %32 = phi %struct.wakeup_source.516196* [ %9, %16 ], [ %9, %19 ], [ %11, %30 ], [ %9, %23 ] %33 = phi i1 [ false, %16 ], [ false, %19 ], [ true, %30 ], [ true, %23 ] %34 = phi i32 [ 1, %16 ], [ 1, %19 ], [ 0, %30 ], [ 0, %23 ] %35 = inttoptr i64 %7 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = inttoptr i64 %36 to i8* %38 = icmp eq i8* %37, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %38, label %39, label %5 %40 = icmp ne %struct.wakeup_source.516196* %32, null %41 = and i1 %40, %33 br i1 %41, label %42, label %45 %43 = getelementptr inbounds %struct.wakeup_source.516196, %struct.wakeup_source.516196* %32, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 tail call void (i1, i8*, ...) @__pm_pr_dbg(i1 zeroext false, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.4.42503, i64 0, i64 0), i8* %44) #69 Function:__pm_pr_dbg %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = load i8, i8* @pm_debug_messages_on, align 1, !range !4 %8 = icmp eq i8 %7, 0 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %10, align 8 %11 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %11, align 8 br i1 %0, label %12, label %14 %13 = call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.7280, i64 0, i64 0), %struct.va_format* nonnull %3) #69 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 __pm_pr_dbg 4 pm_print_active_wakeup_sources 5 wakeup_count_store ------------- Path:  Function:wakeup_count_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.41.7264, i64 0, i64 0), i32* nonnull %5) #69 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %16 %10 = load i32, i32* %5, align 4 %11 = call zeroext i1 @pm_save_wakeup_count(i32 %10) #70 br i1 %11, label %12, label %15 call void @pm_print_active_wakeup_sources() #70 Function:pm_print_active_wakeup_sources %1 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @wakeup_srcu) #69 %2 = load volatile i64, i64* bitcast (%struct.list_head* @wakeup_sources to i64*), align 8 %3 = inttoptr i64 %2 to i8* %4 = icmp eq i8* %3, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %4, label %45, label %5 %6 = phi i8* [ %37, %31 ], [ %3, %0 ] %7 = phi i64 [ %36, %31 ], [ %2, %0 ] %8 = phi i32 [ %34, %31 ], [ 0, %0 ] %9 = phi %struct.wakeup_source.516196* [ %32, %31 ], [ null, %0 ] %10 = getelementptr i8, i8* %6, i64 -16 %11 = bitcast i8* %10 to %struct.wakeup_source.516196* %12 = getelementptr i8, i8* %6, i64 168 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %19, label %16 %20 = icmp eq i32 %8, 0 br i1 %20, label %21, label %31 %32 = phi %struct.wakeup_source.516196* [ %9, %16 ], [ %9, %19 ], [ %11, %30 ], [ %9, %23 ] %33 = phi i1 [ false, %16 ], [ false, %19 ], [ true, %30 ], [ true, %23 ] %34 = phi i32 [ 1, %16 ], [ 1, %19 ], [ 0, %30 ], [ 0, %23 ] %35 = inttoptr i64 %7 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = inttoptr i64 %36 to i8* %38 = icmp eq i8* %37, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %38, label %39, label %5 %40 = icmp ne %struct.wakeup_source.516196* %32, null %41 = and i1 %40, %33 br i1 %41, label %42, label %45 %43 = getelementptr inbounds %struct.wakeup_source.516196, %struct.wakeup_source.516196* %32, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 tail call void (i1, i8*, ...) @__pm_pr_dbg(i1 zeroext false, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.4.42503, i64 0, i64 0), i8* %44) #69 Function:__pm_pr_dbg %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = load i8, i8* @pm_debug_messages_on, align 1, !range !4 %8 = icmp eq i8 %7, 0 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %10, align 8 %11 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %11, align 8 br i1 %0, label %12, label %14 %13 = call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.7280, i64 0, i64 0), %struct.va_format* nonnull %3) #69 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 ring_buffer_write 2 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 br label %70 %71 = getelementptr inbounds i8, i8* %69, i64 8 %72 = bitcast i8* %71 to i64* store i64 ptrtoint (i8* blockaddress(@tracing_mark_write, %70) to i64), i64* %72, align 8 %73 = getelementptr inbounds i8, i8* %69, i64 16 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %20, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %80, label %79 %81 = phi i64 [ -14, %79 ], [ %17, %70 ] %82 = phi i64 [ 9, %79 ], [ %17, %70 ] %83 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 25 %84 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %85 = icmp eq %struct.trace_event_file.96777* %84, null br i1 %85, label %96, label %86 %87 = getelementptr inbounds %struct.trace_event_file.96777, %struct.trace_event_file.96777* %84, i64 0, i32 6 %88 = bitcast %struct.list_head* %87 to i64* %89 = load volatile i64, i64* %88, align 8 %90 = inttoptr i64 %89 to %struct.list_head* %91 = icmp eq %struct.list_head* %87, %90 br i1 %91, label %96, label %92 %97 = phi i32 [ 0, %86 ], [ %95, %92 ], [ 0, %80 ] %98 = add nsw i64 %82, -1 %99 = getelementptr i8, i8* %73, i64 %98 %100 = load i8, i8* %99, align 1 %101 = icmp eq i8 %100, 10 %102 = getelementptr i8, i8* %73, i64 %82 br i1 %101, label %106, label %103 %107 = phi i8* [ %105, %103 ], [ %102, %96 ] store i8 0, i8* %107, align 1 call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %108 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %109 = icmp eq %struct.ring_buffer_event* %108, %27 br i1 %109, label %110, label %117 %111 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 0 %112 = load i32, i32* %111, align 4 %113 = zext i32 %112 to i64 %114 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 1 %115 = bitcast i32* %114 to i8* %116 = call i32 @ring_buffer_write(%struct.ring_buffer* %24, i64 %113, i8* %115) #69 Function:ring_buffer_write %4 = alloca %struct.rb_event_info, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 2, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %420 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %10 = zext i32 %9 to i64 %11 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 4, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %10) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %420, label %15 %16 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 7 %17 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %16, align 8 %18 = sext i32 %9 to i64 %19 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %17, i64 %18 %20 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %19, align 8 %21 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 1, i32 0 %22 = load volatile i32, i32* %21, align 4 %23 = icmp ne i32 %22, 0 %24 = icmp ugt i64 %1, 4072 %25 = or i1 %24, %23 br i1 %25, label %420, label %26 %27 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 8 %28 = load i32, i32* %27, align 8 %29 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %30 = and i32 %29, 2147483647 %31 = zext i32 %30 to i64 %32 = and i64 %31, 2031872 %33 = icmp eq i64 %32, 0 br i1 %33, label %41, label %34 %35 = and i64 %31, 1048576 %36 = icmp eq i64 %35, 0 %37 = and i64 %31, 983040 %38 = icmp eq i64 %37, 0 %39 = select i1 %38, i32 3, i32 2 %40 = select i1 %36, i32 %39, i32 1 br label %41 %42 = phi i32 [ 4, %26 ], [ %40, %34 ] %43 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 16 %44 = load i64, i64* %43, align 8 %45 = trunc i64 %44 to i32 %46 = add i32 %42, %45 %47 = shl nuw i32 1, %46 %48 = and i32 %47, %28 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !8, !misexpect !9 %51 = shl nuw i32 1, %45 %52 = and i32 %51, %28 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %420 %55 = phi i32 [ %42, %41 ], [ 0, %50 ] %56 = add i32 %55, %45 %57 = shl nuw i32 1, %56 %58 = or i32 %57, %28 store i32 %58, i32* %27, align 8 %59 = bitcast %struct.rb_event_info* %4 to i8* %60 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 22, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %60, i64* %60) #6, !srcloc !10 %61 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 23, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %61, i64* %61) #6, !srcloc !10 %62 = trunc i64 %1 to i32 %63 = icmp eq i32 %62, 0 %64 = select i1 %63, i32 1, i32 %62 %65 = icmp ugt i32 %64, 112 %66 = add nuw nsw i32 %64, 4 %67 = select i1 %65, i32 %66, i32 %64 %68 = add nuw nsw i32 %67, 7 %69 = and i32 %68, -4 %70 = icmp eq i32 %69, 12 %71 = select i1 %70, i32 16, i32 %69 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 2 store i64 %72, i64* %73, align 8 %74 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 4 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 1 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 2 %77 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %78 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 0 %79 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 31 %80 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 11 %81 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 11 %82 = bitcast %struct.buffer_page** %81 to i64* %83 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 3 %84 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 12 %85 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 17, i32 0, i32 0 br label %88 %89 = phi %struct.ring_buffer* [ %77, %54 ], [ %199, %197 ] %90 = phi i32 [ 1, %54 ], [ %198, %197 ] %91 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %89, i64 0, i32 9 %92 = load i64 ()*, i64 ()** %91, align 8 %93 = tail call i64 %92() #69 store i64 %93, i64* %78, align 8 %94 = load i64, i64* %79, align 8 %95 = sub i64 %93, %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %96 = load i8, i8* %80, align 8, !range !15 %97 = icmp eq i8 %96, 0 br i1 %97, label %99, label %98 %100 = load i64, i64* %79, align 8 %101 = icmp ult i64 %93, %100 br i1 %101, label %105, label %102, !prof !16, !misexpect !17 store i64 %95, i64* %75, align 8 %103 = icmp ult i64 %95, 134217728 br i1 %103, label %105, label %104, !prof !8, !misexpect !9 call fastcc void @rb_handle_timestamp(%struct.ring_buffer_per_cpu* %20, %struct.rb_event_info* nonnull %4) #69 br label %105 %106 = load i32, i32* %74, align 8 %107 = icmp eq i32 %106, 0 %108 = load i64, i64* %73, align 8 br i1 %107, label %111, label %109, !prof !8, !misexpect !9 %110 = add i64 %108, 8 store i64 %110, i64* %73, align 8 br label %111 %112 = phi i64 [ %110, %109 ], [ %108, %105 ] %113 = load volatile i64, i64* %82, align 8 %114 = inttoptr i64 %113 to %struct.buffer_page* store %struct.buffer_page* %114, %struct.buffer_page** %83, align 8 %115 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 1, i32 0, i32 0 %116 = tail call i64 asm sideeffect " xaddq $0, $1;", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64 %112, i64* %115) #6, !srcloc !18 %117 = add i64 %116, %112 %118 = and i64 %117, 1048575 %119 = sub i64 %118, %112 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %127 %122 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %123 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %122, i64 0, i32 11 %124 = load i8, i8* %123, align 8, !range !15 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %127 store i64 0, i64* %75, align 8 br label %127 %128 = icmp ugt i64 %118, 4080 br i1 %128, label %129, label %131, !prof !16, !misexpect !9 %132 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 5 %133 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %134 = and i64 %119, 4294967295 %135 = getelementptr %struct.buffer_data_page, %struct.buffer_data_page* %133, i64 0, i32 2, i64 %134 %136 = bitcast i8* %135 to %struct.ring_buffer_event* %137 = load i64, i64* %75, align 8 %138 = ptrtoint i8* %135 to i64 %139 = and i64 %138, -4096 %140 = load %struct.buffer_page*, %struct.buffer_page** %84, align 8 %141 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %140, i64 0, i32 5 %142 = load %struct.buffer_data_page*, %struct.buffer_data_page** %141, align 8 %143 = inttoptr i64 %139 to %struct.buffer_data_page* %144 = icmp eq %struct.buffer_data_page* %142, %143 br i1 %144, label %145, label %154 %146 = trunc i64 %138 to i32 %147 = and i32 %146, 4095 %148 = add nsw i32 %147, -16 %149 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %142, i64 0, i32 1, i32 0, i32 0 %150 = load volatile i64, i64* %149, align 8 %151 = trunc i64 %150 to i32 %152 = icmp eq i32 %148, %151 %153 = select i1 %152, i64 %137, i64 0 br label %154 %155 = phi i64 [ 0, %131 ], [ %153, %145 ] br i1 %107, label %164, label %156, !prof !8, !misexpect !9 %157 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %158 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %157, i64 0, i32 11 %159 = load i8, i8* %158, align 8, !range !15 %160 = icmp ne i8 %159, 0 %161 = select i1 %160, i64 %137, i64 %155 %162 = tail call fastcc %struct.ring_buffer_event* @rb_add_time_stamp(%struct.ring_buffer_event* %136, i64 %161, i1 zeroext %160) #69 %163 = add i64 %112, -8 br label %164 %165 = phi i64 [ %163, %156 ], [ %112, %154 ] %166 = phi i64 [ 0, %156 ], [ %155, %154 ] %167 = phi %struct.ring_buffer_event* [ %162, %156 ], [ %136, %154 ] %168 = trunc i64 %166 to i32 %169 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %167, i64 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = shl i32 %168, 5 %172 = and i32 %170, 31 %173 = or i32 %172, %171 store i32 %173, i32* %169, align 4 %174 = trunc i64 %165 to i32 %175 = add i32 %174, -4 %176 = icmp ugt i32 %175, 112 br i1 %176, label %177, label %179 %180 = add nuw nsw i32 %174, 127 %181 = lshr i32 %180, 2 %182 = and i32 %181, 31 %183 = or i32 %182, %171 store i32 %183, i32* %169, align 4 br label %184 %185 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 3, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %185, i64* %185) #6, !srcloc !10 br i1 %120, label %186, label %190 %187 = load i64, i64* %78, align 8 %188 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %189 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %188, i64 0, i32 0 store i64 %187, i64* %189, align 8 br label %190 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %85, i64 %112, i64* %85) #6, !srcloc !19 br label %191 %192 = phi %struct.ring_buffer_event* [ %130, %129 ], [ %136, %190 ] %193 = ptrtoint %struct.ring_buffer_event* %192 to i64 switch i64 %193, label %322 [ i64 -11, label %194 i64 0, label %201 ], !prof !20 %323 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 0, i32 0 %324 = load i32, i32* %323, align 4 %325 = and i32 %324, 30 %326 = icmp eq i32 %325, 30 %327 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 2 %328 = select i1 %326, %struct.ring_buffer_event* %327, %struct.ring_buffer_event* %192 %329 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 0 %330 = load i32, i32* %329, align 4 %331 = and i32 %330, 31 %332 = icmp ugt i32 %331, 28 br i1 %332, label %333, label %334, !prof !16, !misexpect !9 %335 = icmp eq i32 %331, 0 %336 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 0 %337 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 1 %338 = select i1 %335, i32* %337, i32* %336 %339 = bitcast i32* %338 to i8* tail call fastcc void @rb_commit(%struct.ring_buffer_per_cpu* %20, %struct.ring_buffer_event* nonnull %192) #70 %340 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 3 %341 = load i8, i8* %340, align 8, !range !15 %342 = icmp eq i8 %341, 0 br i1 %342, label %346, label %343 store i8 0, i8* %340, align 8 %344 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 0 %345 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %344) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 ring_buffer_write 2 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %34 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %35 = trunc i32 %29 to i8 %36 = getelementptr inbounds i8, i8* %33, i64 3 store i8 %35, i8* %36, align 1 %37 = icmp eq %struct.task_struct.96680* %34, null br i1 %37, label %41, label %38 %39 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 48 %40 = load i32, i32* %39, align 8 br label %41 %42 = phi i32 [ %40, %38 ], [ 0, %32 ] %43 = getelementptr inbounds i8, i8* %33, i64 4 %44 = bitcast i8* %43 to i32* store i32 %42, i32* %44, align 4 %45 = bitcast i8* %33 to i16* store i16 16, i16* %45, align 4 %46 = lshr i64 %22, 9 %47 = trunc i64 %46 to i32 %48 = and i32 %47, 1 %49 = lshr i32 %29, 14 %50 = and i32 %49, 64 %51 = or i32 %50, %48 %52 = and i32 %29, 983040 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i32 0, i32 8 %55 = lshr i32 %29, 4 %56 = and i32 %55, 16 %57 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 0, i32 0 %58 = load volatile i64, i64* %57, align 8 %59 = lshr i64 %58, 1 %60 = trunc i64 %59 to i32 %61 = and i32 %60, 4 %62 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %63 = lshr i32 %62, 26 %64 = and i32 %63, 32 %65 = or i32 %51, %56 %66 = or i32 %65, %54 %67 = or i32 %66, %61 %68 = or i32 %67, %64 %69 = trunc i32 %68 to i8 %70 = xor i8 %69, 33 %71 = getelementptr inbounds i8, i8* %33, i64 2 store i8 %70, i8* %71, align 2 %72 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %73 = getelementptr inbounds i8, i8* %72, i64 8 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %23, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %82, label %79 %83 = phi i64 [ -14, %79 ], [ %20, %41 ] call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %84 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %85 = icmp eq %struct.ring_buffer_event* %84, %30 br i1 %85, label %86, label %93 %87 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 0 %88 = load i32, i32* %87, align 4 %89 = zext i32 %88 to i64 %90 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 1 %91 = bitcast i32* %90 to i8* %92 = call i32 @ring_buffer_write(%struct.ring_buffer* %27, i64 %89, i8* %91) #69 Function:ring_buffer_write %4 = alloca %struct.rb_event_info, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 2, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %420 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %10 = zext i32 %9 to i64 %11 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 4, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %10) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %420, label %15 %16 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 7 %17 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %16, align 8 %18 = sext i32 %9 to i64 %19 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %17, i64 %18 %20 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %19, align 8 %21 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 1, i32 0 %22 = load volatile i32, i32* %21, align 4 %23 = icmp ne i32 %22, 0 %24 = icmp ugt i64 %1, 4072 %25 = or i1 %24, %23 br i1 %25, label %420, label %26 %27 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 8 %28 = load i32, i32* %27, align 8 %29 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %30 = and i32 %29, 2147483647 %31 = zext i32 %30 to i64 %32 = and i64 %31, 2031872 %33 = icmp eq i64 %32, 0 br i1 %33, label %41, label %34 %35 = and i64 %31, 1048576 %36 = icmp eq i64 %35, 0 %37 = and i64 %31, 983040 %38 = icmp eq i64 %37, 0 %39 = select i1 %38, i32 3, i32 2 %40 = select i1 %36, i32 %39, i32 1 br label %41 %42 = phi i32 [ 4, %26 ], [ %40, %34 ] %43 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 16 %44 = load i64, i64* %43, align 8 %45 = trunc i64 %44 to i32 %46 = add i32 %42, %45 %47 = shl nuw i32 1, %46 %48 = and i32 %47, %28 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !8, !misexpect !9 %51 = shl nuw i32 1, %45 %52 = and i32 %51, %28 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %420 %55 = phi i32 [ %42, %41 ], [ 0, %50 ] %56 = add i32 %55, %45 %57 = shl nuw i32 1, %56 %58 = or i32 %57, %28 store i32 %58, i32* %27, align 8 %59 = bitcast %struct.rb_event_info* %4 to i8* %60 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 22, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %60, i64* %60) #6, !srcloc !10 %61 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 23, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %61, i64* %61) #6, !srcloc !10 %62 = trunc i64 %1 to i32 %63 = icmp eq i32 %62, 0 %64 = select i1 %63, i32 1, i32 %62 %65 = icmp ugt i32 %64, 112 %66 = add nuw nsw i32 %64, 4 %67 = select i1 %65, i32 %66, i32 %64 %68 = add nuw nsw i32 %67, 7 %69 = and i32 %68, -4 %70 = icmp eq i32 %69, 12 %71 = select i1 %70, i32 16, i32 %69 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 2 store i64 %72, i64* %73, align 8 %74 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 4 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 1 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 2 %77 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %78 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 0 %79 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 31 %80 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 11 %81 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 11 %82 = bitcast %struct.buffer_page** %81 to i64* %83 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 3 %84 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 12 %85 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 17, i32 0, i32 0 br label %88 %89 = phi %struct.ring_buffer* [ %77, %54 ], [ %199, %197 ] %90 = phi i32 [ 1, %54 ], [ %198, %197 ] %91 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %89, i64 0, i32 9 %92 = load i64 ()*, i64 ()** %91, align 8 %93 = tail call i64 %92() #69 store i64 %93, i64* %78, align 8 %94 = load i64, i64* %79, align 8 %95 = sub i64 %93, %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %96 = load i8, i8* %80, align 8, !range !15 %97 = icmp eq i8 %96, 0 br i1 %97, label %99, label %98 %100 = load i64, i64* %79, align 8 %101 = icmp ult i64 %93, %100 br i1 %101, label %105, label %102, !prof !16, !misexpect !17 store i64 %95, i64* %75, align 8 %103 = icmp ult i64 %95, 134217728 br i1 %103, label %105, label %104, !prof !8, !misexpect !9 call fastcc void @rb_handle_timestamp(%struct.ring_buffer_per_cpu* %20, %struct.rb_event_info* nonnull %4) #69 br label %105 %106 = load i32, i32* %74, align 8 %107 = icmp eq i32 %106, 0 %108 = load i64, i64* %73, align 8 br i1 %107, label %111, label %109, !prof !8, !misexpect !9 %110 = add i64 %108, 8 store i64 %110, i64* %73, align 8 br label %111 %112 = phi i64 [ %110, %109 ], [ %108, %105 ] %113 = load volatile i64, i64* %82, align 8 %114 = inttoptr i64 %113 to %struct.buffer_page* store %struct.buffer_page* %114, %struct.buffer_page** %83, align 8 %115 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 1, i32 0, i32 0 %116 = tail call i64 asm sideeffect " xaddq $0, $1;", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64 %112, i64* %115) #6, !srcloc !18 %117 = add i64 %116, %112 %118 = and i64 %117, 1048575 %119 = sub i64 %118, %112 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %127 %122 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %123 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %122, i64 0, i32 11 %124 = load i8, i8* %123, align 8, !range !15 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %127 store i64 0, i64* %75, align 8 br label %127 %128 = icmp ugt i64 %118, 4080 br i1 %128, label %129, label %131, !prof !16, !misexpect !9 %132 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 5 %133 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %134 = and i64 %119, 4294967295 %135 = getelementptr %struct.buffer_data_page, %struct.buffer_data_page* %133, i64 0, i32 2, i64 %134 %136 = bitcast i8* %135 to %struct.ring_buffer_event* %137 = load i64, i64* %75, align 8 %138 = ptrtoint i8* %135 to i64 %139 = and i64 %138, -4096 %140 = load %struct.buffer_page*, %struct.buffer_page** %84, align 8 %141 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %140, i64 0, i32 5 %142 = load %struct.buffer_data_page*, %struct.buffer_data_page** %141, align 8 %143 = inttoptr i64 %139 to %struct.buffer_data_page* %144 = icmp eq %struct.buffer_data_page* %142, %143 br i1 %144, label %145, label %154 %146 = trunc i64 %138 to i32 %147 = and i32 %146, 4095 %148 = add nsw i32 %147, -16 %149 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %142, i64 0, i32 1, i32 0, i32 0 %150 = load volatile i64, i64* %149, align 8 %151 = trunc i64 %150 to i32 %152 = icmp eq i32 %148, %151 %153 = select i1 %152, i64 %137, i64 0 br label %154 %155 = phi i64 [ 0, %131 ], [ %153, %145 ] br i1 %107, label %164, label %156, !prof !8, !misexpect !9 %157 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %158 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %157, i64 0, i32 11 %159 = load i8, i8* %158, align 8, !range !15 %160 = icmp ne i8 %159, 0 %161 = select i1 %160, i64 %137, i64 %155 %162 = tail call fastcc %struct.ring_buffer_event* @rb_add_time_stamp(%struct.ring_buffer_event* %136, i64 %161, i1 zeroext %160) #69 %163 = add i64 %112, -8 br label %164 %165 = phi i64 [ %163, %156 ], [ %112, %154 ] %166 = phi i64 [ 0, %156 ], [ %155, %154 ] %167 = phi %struct.ring_buffer_event* [ %162, %156 ], [ %136, %154 ] %168 = trunc i64 %166 to i32 %169 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %167, i64 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = shl i32 %168, 5 %172 = and i32 %170, 31 %173 = or i32 %172, %171 store i32 %173, i32* %169, align 4 %174 = trunc i64 %165 to i32 %175 = add i32 %174, -4 %176 = icmp ugt i32 %175, 112 br i1 %176, label %177, label %179 %180 = add nuw nsw i32 %174, 127 %181 = lshr i32 %180, 2 %182 = and i32 %181, 31 %183 = or i32 %182, %171 store i32 %183, i32* %169, align 4 br label %184 %185 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 3, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %185, i64* %185) #6, !srcloc !10 br i1 %120, label %186, label %190 %187 = load i64, i64* %78, align 8 %188 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %189 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %188, i64 0, i32 0 store i64 %187, i64* %189, align 8 br label %190 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %85, i64 %112, i64* %85) #6, !srcloc !19 br label %191 %192 = phi %struct.ring_buffer_event* [ %130, %129 ], [ %136, %190 ] %193 = ptrtoint %struct.ring_buffer_event* %192 to i64 switch i64 %193, label %322 [ i64 -11, label %194 i64 0, label %201 ], !prof !20 %323 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 0, i32 0 %324 = load i32, i32* %323, align 4 %325 = and i32 %324, 30 %326 = icmp eq i32 %325, 30 %327 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 2 %328 = select i1 %326, %struct.ring_buffer_event* %327, %struct.ring_buffer_event* %192 %329 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 0 %330 = load i32, i32* %329, align 4 %331 = and i32 %330, 31 %332 = icmp ugt i32 %331, 28 br i1 %332, label %333, label %334, !prof !16, !misexpect !9 %335 = icmp eq i32 %331, 0 %336 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 0 %337 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 1 %338 = select i1 %335, i32* %337, i32* %336 %339 = bitcast i32* %338 to i8* tail call fastcc void @rb_commit(%struct.ring_buffer_per_cpu* %20, %struct.ring_buffer_event* nonnull %192) #70 %340 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 3 %341 = load i8, i8* %340, align 8, !range !15 %342 = icmp eq i8 %341, 0 br i1 %342, label %346, label %343 store i8 0, i8* %340, align 8 %344 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 0 %345 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %344) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %22 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @lazy_list) #6, !srcloc !7 %23 = inttoptr i64 %22 to %struct.llist_node* %24 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %23) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 i915_request_retire 2 i915_retire_requests 3 i915_gem_wait_for_idle 4 i915_gem_mmap_gtt 5 i915_gem_mmap_gtt_ioctl ------------- Path:  Function:i915_gem_mmap_gtt_ioctl %4 = bitcast i8* %1 to i32* %5 = load i32, i32* %4, align 8 %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i64* %8 = tail call i32 @i915_gem_mmap_gtt(%struct.drm_file.414831* %2, %struct.drm_device.414966* undef, i32 %5, i64* %7) #69 Function:i915_gem_mmap_gtt tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.drm_file.414831, %struct.drm_file.414831* %0, i64 0, i32 12 %6 = zext i32 %2 to i64 %7 = tail call i8* @idr_find(%struct.idr* %5, i64 %6) #69 %8 = icmp eq i8* %7, null br i1 %8, label %32, label %9 %10 = bitcast i8* %7 to %union.anon.21* %11 = bitcast i8* %7 to i32* %12 = load volatile i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %24, label %14 %15 = phi i32 [ %22, %21 ], [ %12, %9 ] %16 = add i32 %15, 1 %17 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %11, i32 %16, i32* nonnull %11, i32 %15) #6, !srcloc !5 %18 = extractvalue { i8, i32 } %17, 0 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %24, !prof !6, !misexpect !7 %22 = extractvalue { i8, i32 } %17, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %14 %25 = phi i32 [ 0, %9 ], [ %15, %14 ], [ 0, %21 ] %26 = add i32 %25, 1 %27 = or i32 %26, %25 %28 = icmp sgt i32 %27, -1 br i1 %28, label %30, label %29, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* nonnull %10, i32 0) #69 br label %30 %31 = icmp eq i32 %25, 0 br i1 %31, label %32, label %33 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %34 = getelementptr inbounds i8, i8* %7, i64 320 %35 = bitcast i8* %34 to %struct.drm_i915_gem_object_ops.414969** %36 = load %struct.drm_i915_gem_object_ops.414969*, %struct.drm_i915_gem_object_ops.414969** %35, align 8 %37 = getelementptr inbounds %struct.drm_i915_gem_object_ops.414969, %struct.drm_i915_gem_object_ops.414969* %36, i64 0, i32 0 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %72 %42 = bitcast i8* %7 to %struct.drm_gem_object.414849* %43 = getelementptr inbounds i8, i8* %7, i64 8 %44 = bitcast i8* %43 to %struct.drm_i915_private.415254** %45 = load %struct.drm_i915_private.415254*, %struct.drm_i915_private.415254** %44, align 8 %46 = tail call i32 bitcast (i32 (%struct.drm_gem_object.363738*)* @drm_gem_create_mmap_offset to i32 (%struct.drm_gem_object.414849*)*)(%struct.drm_gem_object.414849* nonnull %42) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %67, label %48, !prof !8, !misexpect !10 %49 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 62, i32 7, i32 0 %50 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 62, i32 6 %51 = getelementptr inbounds %struct.drm_i915_private.415254, %struct.drm_i915_private.415254* %45, i64 0, i32 114, i32 1 br label %52 %53 = tail call i32 bitcast (i32 (%struct.drm_i915_private.433198*, i32, i64)* @i915_gem_wait_for_idle to i32 (%struct.drm_i915_private.415254*, i32, i64)*)(%struct.drm_i915_private.415254* %45, i32 1, i64 9223372036854775807) #69 %56 = load volatile i32, i32* %49, align 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58 %59 = tail call zeroext i1 @flush_work(%struct.work_struct* %50) #69 tail call void @rcu_barrier() #69 %60 = load volatile i32, i32* %49, align 4 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %58 %63 = tail call i32 bitcast (i32 (%struct.drm_gem_object.363738*)* @drm_gem_create_mmap_offset to i32 (%struct.drm_gem_object.414849*)*)(%struct.drm_gem_object.414849* nonnull %42) #69 %64 = icmp eq i32 %63, 0 br i1 %64, label %67, label %65 %66 = tail call zeroext i1 @flush_delayed_work(%struct.delayed_work* %51) #69 br i1 %66, label %52, label %72 %53 = tail call i32 bitcast (i32 (%struct.drm_i915_private.433198*, i32, i64)* @i915_gem_wait_for_idle to i32 (%struct.drm_i915_private.415254*, i32, i64)*)(%struct.drm_i915_private.415254* %45, i32 1, i64 9223372036854775807) #69 Function:i915_gem_wait_for_idle %4 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 6, i32 2 %5 = load volatile i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %131, label %7 %8 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 5, i32 0, i32 0, i32 0 %9 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #69 %10 = getelementptr inbounds %struct.drm_i915_private.433198, %struct.drm_i915_private.433198* %0, i64 0, i32 113, i32 5, i32 1 %11 = bitcast %struct.list_head* %10 to i8** %12 = load i8*, i8** %11, align 8 %13 = bitcast i8* %12 to %struct.list_head* %14 = icmp eq %struct.list_head* %10, %13 br i1 %14, label %119, label %15 %16 = and i32 %1, 16 %17 = icmp eq i32 %16, 0 %18 = getelementptr %struct.list_head, %struct.list_head* %10, i64 -10, i32 1 %19 = bitcast %struct.list_head** %18 to %struct.intel_timeline.432983* br label %20 %21 = phi i8* [ %12, %15 ], [ %116, %110 ] %22 = phi i64 [ %2, %15 ], [ %113, %110 ] %23 = phi i64 [ %9, %15 ], [ %111, %110 ] %24 = getelementptr i8, i8* %21, i64 -152 %25 = bitcast i8* %24 to %struct.intel_timeline.432983* %26 = getelementptr i8, i8* %21, i64 -40 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %27 = bitcast i8* %26 to i64* %28 = load volatile i64, i64* %27, align 8 %29 = icmp eq i64 %28, 0 br i1 %29, label %90, label %30 %31 = phi i64 [ %88, %87 ], [ %28, %20 ] %32 = inttoptr i64 %31 to %struct.i915_request.432980* %33 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 1 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %90 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %38 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 19 %39 = load i32*, i32** %38, align 8 %40 = load volatile i32, i32* %39, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %41 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 4 %42 = load i64, i64* %41, align 8 %43 = trunc i64 %42 to i32 %44 = sub i32 %40, %43 %45 = icmp sgt i32 %44, -1 br i1 %45, label %90, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %47 = getelementptr inbounds %struct.i915_request.432980, %struct.i915_request.432980* %32, i64 0, i32 0, i32 6 %48 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %47, i64 0, i32 0 %49 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %47, i64 0, i32 0, i32 0, i32 0 %50 = load volatile i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %62, label %52 %53 = phi i32 [ %60, %59 ], [ %50, %46 ] %54 = add i32 %53, 1 %55 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32 %54, i32* %49, i32 %53) #6, !srcloc !7 %56 = extractvalue { i8, i32 } %55, 0 %57 = and i8 %56, 1 %58 = icmp eq i8 %57, 0 br i1 %58, label %59, label %62, !prof !8, !misexpect !9 %60 = extractvalue { i8, i32 } %55, 1 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %52 %63 = phi i32 [ 0, %46 ], [ %53, %52 ], [ 0, %59 ] %64 = add i32 %63, 1 %65 = or i32 %64, %63 %66 = icmp sgt i32 %65, -1 br i1 %66, label %68, label %67, !prof !10, !misexpect !9 tail call void @refcount_warn_saturate(%union.anon.21* %48, i32 0) #69 br label %68 %69 = icmp eq i32 %63, 0 %70 = select i1 %69, %struct.i915_request.432980* null, %struct.i915_request.432980* %32 br i1 %69, label %90, label %71 %72 = load volatile i64, i64* %27, align 8 %73 = inttoptr i64 %72 to %struct.i915_request.432980* %74 = icmp eq %struct.i915_request.432980* %70, %73 br i1 %74, label %91, label %75 %92 = inttoptr i64 %31 to %struct.i915_request.432980* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %93 = icmp eq i64 %31, 0 br i1 %93, label %110, label %94 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %8, i64 %23) #69 br i1 %17, label %96, label %95 tail call void bitcast (void (%struct.i915_request.388092*)* @gen6_rps_boost to void (%struct.i915_request.432980*)*)(%struct.i915_request.432980* nonnull %92) #69 br label %96 %97 = tail call i64 bitcast (i64 (%struct.i915_request.434908*, i32, i64)* @i915_request_wait to i64 (%struct.i915_request.432980*, i32, i64)*)(%struct.i915_request.432980* nonnull %92, i32 %1, i64 %22) #69 %98 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %49, i32 -1, i32* %49) #6, !srcloc !11 %99 = icmp eq i32 %98, 1 br i1 %99, label %105, label %100 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 tail call void @dma_fence_release(%struct.qspinlock* %47) #69 br label %106 %107 = icmp slt i64 %97, 0 br i1 %107, label %123, label %108 %109 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %8) #69 br label %110 %111 = phi i64 [ %23, %90 ], [ %23, %91 ], [ %109, %108 ] %112 = phi %struct.intel_timeline.432983* [ %25, %90 ], [ %25, %91 ], [ %19, %108 ] %113 = phi i64 [ %22, %90 ], [ %22, %91 ], [ %97, %108 ] %114 = getelementptr inbounds %struct.intel_timeline.432983, %struct.intel_timeline.432983* %112, i64 0, i32 13, i32 0 %115 = bitcast %struct.list_head** %114 to i8** %116 = load i8*, i8** %115, align 8 %117 = bitcast i8* %116 to %struct.list_head* %118 = icmp eq %struct.list_head* %10, %117 br i1 %118, label %119, label %20 %120 = phi i64 [ %9, %7 ], [ %111, %110 ] %121 = phi i64 [ %2, %7 ], [ %113, %110 ] tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %8, i64 %120) #69 %122 = icmp slt i64 %121, 0 br i1 %122, label %123, label %126 %127 = and i32 %1, 2 %128 = icmp eq i32 %127, 0 br i1 %128, label %131, label %129 %130 = tail call zeroext i1 bitcast (i1 (%struct.drm_i915_private.434902*)* @i915_retire_requests to i1 (%struct.drm_i915_private.433198*)*)(%struct.drm_i915_private.433198* %0) #69 Function:i915_retire_requests %2 = alloca %struct.list_head, align 8 %3 = bitcast %struct.list_head* %2 to i8* %4 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 0 store %struct.list_head* %2, %struct.list_head** %4, align 8 %5 = getelementptr inbounds %struct.list_head, %struct.list_head* %2, i64 0, i32 1 store %struct.list_head* %2, %struct.list_head** %5, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.434902, %struct.drm_i915_private.434902* %0, i64 0, i32 113, i32 5, i32 0, i32 0, i32 0 %7 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %6) #69 %8 = getelementptr inbounds %struct.drm_i915_private.434902, %struct.drm_i915_private.434902* %0, i64 0, i32 113, i32 5, i32 1 %9 = bitcast %struct.list_head* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast i8* %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %8, %11 br i1 %12, label %98, label %13 %14 = getelementptr i8, i8* %10, i64 -152 %15 = bitcast i8* %14 to %struct.intel_timeline.434688* %16 = bitcast i8* %10 to i8** %17 = bitcast %struct.list_head* %2 to i64* br label %18 %19 = phi %struct.list_head* [ %11, %13 ], [ %96, %91 ] %20 = phi %struct.intel_timeline.434688* [ %15, %13 ], [ %93, %91 ] %21 = phi i8** [ %16, %13 ], [ %95, %91 ] %22 = phi i64 [ %7, %13 ], [ %92, %91 ] %23 = load i8*, i8** %21, align 8 %24 = getelementptr i8, i8* %23, i64 -152 %25 = bitcast i8* %24 to %struct.intel_timeline.434688* %26 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 2 %27 = call i32 @mutex_trylock(%struct.mutex* %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %91, label %29 %30 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 15 %31 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %30, i64 0, i32 0 %32 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %30, i64 0, i32 0, i32 0, i32 0 %33 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %32, i32 1, i32* %32) #6, !srcloc !4 %34 = icmp eq i32 %33, 0 br i1 %34, label %39, label %35, !prof !5, !misexpect !6 %36 = add i32 %33, 1 %37 = or i32 %36, %33 %38 = icmp sgt i32 %37, -1 br i1 %38, label %41, label %39, !prof !7, !misexpect !6 %40 = phi i32 [ 2, %29 ], [ 1, %35 ] call void @refcount_warn_saturate(%union.anon.21* %31, i32 %40) #69 br label %41 %42 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 4 %43 = load i32, i32* %42, align 4 %44 = add i32 %43, 1 store i32 %44, i32* %42, align 4 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %6, i64 %22) #69 %45 = getelementptr inbounds %struct.intel_timeline.434688, %struct.intel_timeline.434688* %20, i64 0, i32 10 %46 = bitcast %struct.list_head* %45 to i8** %47 = load i8*, i8** %46, align 8 br label %48 %49 = phi i8* [ %47, %41 ], [ %54, %52 ] %50 = bitcast i8* %49 to %struct.list_head* %51 = icmp eq %struct.list_head* %45, %50 br i1 %51, label %58, label %52 %53 = bitcast i8* %49 to i8** %54 = load i8*, i8** %53, align 8 %55 = getelementptr i8, i8* %49, i64 -536 %56 = bitcast i8* %55 to %struct.i915_request.434908* %57 = call fastcc zeroext i1 @i915_request_retire(%struct.i915_request.434908* %56) #69 Function:i915_request_retire %2 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 0, i32 5 %3 = load volatile i64, i64* %2, align 8 %4 = and i64 %3, 1 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %15 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_i915_request_retire to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@i915_request_retire, %16)) #6 to label %38 [label %16], !srcloc !6 %39 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 23 %40 = load i32, i32* %39, align 8 %41 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 6 %42 = load %struct.intel_ring.434684*, %struct.intel_ring.434684** %41, align 8 %43 = getelementptr inbounds %struct.intel_ring.434684, %struct.intel_ring.434684* %42, i64 0, i32 4 store i32 %40, i32* %43, align 4 %44 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 29 %45 = bitcast %struct.list_head* %44 to i8** %46 = load i8*, i8** %45, align 8 %47 = bitcast i8* %46 to %struct.list_head* %48 = icmp eq %struct.list_head* %44, %47 br i1 %48, label %68, label %49 %50 = getelementptr i8, i8* %46, i64 -8 br label %51 %52 = phi i8* [ %55, %51 ], [ %46, %49 ] %53 = phi i8* [ %56, %51 ], [ %50, %49 ] %54 = bitcast i8* %52 to i8** %55 = load i8*, i8** %54, align 8 %56 = getelementptr i8, i8* %55, i64 -8 %57 = bitcast i8* %53 to %struct.i915_active_request.434686* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09prefetcht0 ${1:P}\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 6*32+ 8)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09prefetchw ${1:P}\0A6651:\0A.popsection\0A", "i,*m,~{dirflag},~{fpsr},~{flags}"(i32 0, i8* %56) #6, !srcloc !11 %58 = ptrtoint i8* %52 to i64 %59 = bitcast i8* %52 to i64* store volatile i64 %58, i64* %59, align 8 %60 = getelementptr inbounds i8, i8* %53, i64 16 %61 = bitcast i8* %60 to i8** store i8* %52, i8** %61, align 8 %62 = bitcast i8* %53 to i64* store volatile i64 0, i64* %62, align 8 %63 = getelementptr inbounds i8, i8* %53, i64 24 %64 = bitcast i8* %63 to void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)** %65 = load void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)*, void (%struct.i915_active_request.434686*, %struct.i915_request.434908*)** %64, align 8 tail call void %65(%struct.i915_active_request.434686* %57, %struct.i915_request.434908* %0) #69 %66 = bitcast i8* %55 to %struct.list_head* %67 = icmp eq %struct.list_head* %44, %66 br i1 %67, label %68, label %51 tail call void asm sideeffect "cli", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %69 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 4 %70 = bitcast %struct.intel_engine_cs.434707** %69 to i64* %71 = load volatile i64, i64* %70, align 8 %72 = inttoptr i64 %71 to %struct.intel_engine_cs.434707* %73 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %72, i64 0, i32 18, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %73) #69 %74 = load volatile i64, i64* %70, align 8 %75 = inttoptr i64 %74 to %struct.intel_engine_cs.434707* %76 = icmp eq %struct.intel_engine_cs.434707* %72, %75 br i1 %76, label %86, label %77, !prof !13, !misexpect !14 %78 = phi %struct.intel_engine_cs.434707* [ %84, %77 ], [ %75, %68 ] %79 = phi %struct.intel_engine_cs.434707* [ %78, %77 ], [ %72, %68 ] %80 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %79, i64 0, i32 18, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %81 = bitcast %struct.spinlock* %80 to i8* store volatile i8 0, i8* %81, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %82 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %78, i64 0, i32 18, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %82) #69 %83 = load volatile i64, i64* %70, align 8 %84 = inttoptr i64 %83 to %struct.intel_engine_cs.434707* %85 = icmp eq %struct.intel_engine_cs.434707* %78, %84 br i1 %85, label %86, label %77, !prof !13, !misexpect !14 %87 = phi %struct.intel_engine_cs.434707* [ %72, %68 ], [ %78, %77 ] %88 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 16, i32 2, i32 1 %89 = load %struct.list_head*, %struct.list_head** %88, align 8 %90 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 16, i32 2, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = getelementptr inbounds %struct.list_head, %struct.list_head* %91, i64 0, i32 1 store %struct.list_head* %89, %struct.list_head** %92, align 8 %93 = ptrtoint %struct.list_head* %91 to i64 %94 = bitcast %struct.list_head* %89 to i64* store volatile i64 %93, i64* %94, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %90, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %88, align 8 %95 = getelementptr inbounds %struct.intel_engine_cs.434707, %struct.intel_engine_cs.434707* %87, i64 0, i32 18, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %96 = bitcast %struct.spinlock* %95 to i8* store volatile i8 0, i8* %96, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !16 %97 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 1 %98 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %97, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %98) #69 %99 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 0, i32 4 %100 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 19 %101 = bitcast i32** %100 to i64** store i64* %99, i64** %101, align 8 %102 = load volatile i64, i64* %2, align 8 %103 = and i64 %102, 1 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %108 %109 = load volatile i64, i64* %2, align 8 %110 = and i64 %109, 4 %111 = icmp eq i64 %110, 0 br i1 %111, label %113, label %112 %114 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 31 %115 = load i64, i64* %114, align 8 %116 = and i64 %115, 1 %117 = icmp eq i64 %116, 0 br i1 %117, label %122, label %118 %123 = load volatile i64, i64* %2, align 8 %124 = and i64 %123, 8 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %148 %127 = bitcast i64* %2 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %127, i8 8, i8* %127) #6, !srcloc !18 %128 = getelementptr inbounds %struct.i915_request.434908, %struct.i915_request.434908* %0, i64 0, i32 13 %129 = bitcast %struct.list_head* %128 to i64* %130 = load volatile i64, i64* %129, align 8 %131 = inttoptr i64 %130 to %struct.list_head* %132 = icmp eq %struct.list_head* %128, %131 %133 = inttoptr i64 %130 to %struct.execute_cb* br i1 %132, label %148, label %134 %135 = getelementptr inbounds %struct.execute_cb, %struct.execute_cb* %133, i64 0, i32 0 %136 = icmp eq %struct.list_head* %135, %128 br i1 %136, label %145, label %137 %138 = phi %struct.execute_cb* [ %142, %137 ], [ %133, %134 ] %139 = getelementptr inbounds %struct.execute_cb, %struct.execute_cb* %138, i64 0, i32 1 %140 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %139) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 p4_pmu_handle_irq ------------- Path:  Function:p4_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events.4110* %6 = load i32, i32* getelementptr inbounds (%struct.x86_pmu.4114, %struct.x86_pmu.4114* bitcast (%struct.x86_pmu* @x86_pmu to %struct.x86_pmu.4114*), i64 0, i32 18), align 4 %7 = icmp sgt i32 %6, 0 br i1 %7, label %8, label %102 %9 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 1, i64 0 %10 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %11 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %12 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 %14 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 2, i64 0 br label %15 %16 = phi i64 [ 0, %8 ], [ %95, %93 ] %17 = phi i32 [ 0, %8 ], [ %94, %93 ] %18 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %9, i64 %16) #6, !srcloc !5 %19 = and i8 %18, 1 %20 = icmp eq i8 %19, 0 br i1 %20, label %21, label %26 %27 = getelementptr %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %5, i64 0, i32 0, i64 %16 %28 = load %struct.perf_event.4099*, %struct.perf_event.4099** %27, align 8 %29 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 0, i32 0, i32 5 %30 = load i32, i32* %29, align 4 %31 = zext i32 %30 to i64 %32 = icmp eq i64 %16, %31 br i1 %32, label %34, label %33, !prof !7, !misexpect !8 %35 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 0, i32 0, i32 2 %36 = load i64, i64* %35, align 8 %37 = trunc i64 %36 to i32 %38 = call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 %37) #6, !srcloc !11 %39 = extractvalue { i64, i64 } %38, 0 %40 = extractvalue { i64, i64 } %38, 1 %41 = shl i64 %40, 32 %42 = or i64 %41, %39 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %43)) #6 to label %44 [label %43], !srcloc !12 call void @do_trace_read_msr(i32 %37, i64 %42, i32 0) #69 br label %44 %45 = trunc i64 %39 to i32 %46 = icmp sgt i32 %45, -1 br i1 %46, label %56, label %47 %48 = load i64, i64* %35, align 8 %49 = trunc i64 %48 to i32 %50 = and i64 %42, -2147483649 %51 = trunc i64 %50 to i32 %52 = lshr i64 %42, 32 %53 = trunc i64 %52 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 %49, i32 %51, i32 %53) #6, !srcloc !13 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@p4_pmu_handle_irq, %54)) #6 to label %71 [label %54], !srcloc !12 call void @do_trace_write_msr(i32 %49, i64 %50, i32 0) #69 %55 = call i64 bitcast (i64 (%struct.perf_event*)* @x86_perf_event_update to i64 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %28) #69 br label %82 %83 = phi i32 [ 1, %54 ], [ 0, %75 ], [ %72, %71 ] %84 = add i32 %83, %17 %85 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %28, i64 0, i32 26, i32 7 %86 = load i64, i64* %85, align 8 store i64 %86, i64* %10, align 8 store i64 0, i64* %11, align 32 store i64 84410401, i64* %12, align 16 store i64 0, i64* %13, align 8 %87 = call i32 bitcast (i32 (%struct.perf_event*)* @x86_perf_event_set_period to i32 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %28) #69 %88 = icmp eq i32 %87, 0 br i1 %88, label %93, label %89 %90 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.4099*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.4099* %28, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 knc_pmu_handle_irq ------------- Path:  Function:knc_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = alloca i64, align 8 %4 = bitcast %struct.perf_sample_data* %2 to i8* %5 = bitcast i64* %3 to i8* %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %7 = inttoptr i64 %6 to %struct.cpu_hw_events.4110* %8 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 47) #6, !srcloc !5 %9 = extractvalue { i64, i64 } %8, 0 %10 = extractvalue { i64, i64 } %8, 1 %11 = shl i64 %10, 32 %12 = or i64 %11, %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %13)) #6 to label %14 [label %13], !srcloc !6 tail call void @do_trace_read_msr(i32 47, i64 %12, i32 0) #69 br label %14 %15 = and i64 %12, -4 %16 = trunc i64 %15 to i32 %17 = lshr i64 %12, 32 %18 = trunc i64 %17 to i32 tail call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 47, i32 %16, i32 %18) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %19)) #6 to label %20 [label %19], !srcloc !6 %21 = tail call { i64, i64 } asm sideeffect "1: rdmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_rdmsr_unsafe) - .\0A .popsection\0A", "={ax},={dx},{cx},~{dirflag},~{fpsr},~{flags}"(i32 45) #6, !srcloc !5 %22 = extractvalue { i64, i64 } %21, 0 %23 = extractvalue { i64, i64 } %21, 1 %24 = shl i64 %23, 32 %25 = or i64 %24, %22 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_read_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %26)) #6 to label %27 [label %26], !srcloc !6 store i64 %25, i64* %3, align 8 %28 = icmp eq i64 %25, 0 br i1 %28, label %35, label %29 %30 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %7, i64 0, i32 1, i64 0 %31 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %32 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %33 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %34 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %48 %49 = phi i64 [ %99, %101 ], [ %25, %29 ] %50 = phi i32 [ %57, %101 ], [ 0, %29 ] %51 = phi i32 [ %94, %101 ], [ 0, %29 ] %52 = trunc i64 %49 to i32 %53 = lshr i64 %49, 32 %54 = trunc i64 %53 to i32 call void asm sideeffect "1: wrmsr\0A2:\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (2b) - .\0A .long (ex_handler_wrmsr_unsafe) - .\0A .popsection\0A", "{cx},{ax},{dx},~{memory},~{dirflag},~{fpsr},~{flags}"(i32 46, i32 %52, i32 %54) #6, !srcloc !7 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_write_msr to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@knc_pmu_handle_irq, %55)) #6 to label %56 [label %55], !srcloc !6 %57 = add nuw nsw i32 %50, 1 %58 = icmp eq i32 %50, 100 br i1 %58, label %59, label %63 call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9), i32* getelementptr inbounds (%struct.irq_cpustat_t, %struct.irq_cpustat_t* @irq_stat, i64 0, i32 9)) #6, !srcloc !12 %64 = call i64 @find_first_bit(i64* nonnull %3, i64 64) #69 %65 = trunc i64 %64 to i32 %66 = icmp slt i32 %65, 64 br i1 %66, label %67, label %93 %68 = phi i32 [ %74, %87 ], [ %51, %63 ] %69 = phi i64 [ %90, %87 ], [ %64, %63 ] %70 = shl i64 %69, 32 %71 = ashr exact i64 %70, 32 %72 = getelementptr %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %7, i64 0, i32 0, i64 %71 %73 = load %struct.perf_event.4099*, %struct.perf_event.4099** %72, align 8 %74 = add i32 %68, 1 %75 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %71) #6, !srcloc !13 %76 = and i8 %75, 1 %77 = icmp eq i8 %76, 0 br i1 %77, label %87, label %78 %79 = call i32 bitcast (i32 (%struct.perf_event.5941*)* @intel_pmu_save_and_restart to i32 (%struct.perf_event.4099*)*)(%struct.perf_event.4099* %73) #69 %80 = icmp eq i32 %79, 0 br i1 %80, label %87, label %81 %82 = getelementptr inbounds %struct.perf_event.4099, %struct.perf_event.4099* %73, i64 0, i32 26, i32 7 %83 = load i64, i64* %82, align 8 store i64 %83, i64* %31, align 8 store i64 0, i64* %32, align 32 store i64 84410401, i64* %33, align 16 store i64 0, i64* %34, align 8 %84 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event.4099*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event.4099* %73, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq ------------- Path:  Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 perf_output_end 2 perf_log_throttle 3 __perf_event_account_interrupt 4 perf_event_overflow 5 x86_pmu_handle_irq 6 amd_pmu_handle_irq ------------- Path:  Function:amd_pmu_handle_irq %2 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events.4110* nonnull bitcast (%struct.cpu_hw_events* @cpu_hw_events to %struct.cpu_hw_events.4110*)) #6, !srcloc !4 %3 = inttoptr i64 %2 to %struct.cpu_hw_events.4110* %4 = getelementptr inbounds %struct.cpu_hw_events.4110, %struct.cpu_hw_events.4110* %3, i64 0, i32 1, i64 0 %5 = tail call i32 @__bitmap_weight(i64* %4, i32 64) #69 %6 = tail call i32 @x86_pmu_handle_irq(%struct.pt_regs* %0) #69 Function:x86_pmu_handle_irq %2 = alloca %struct.perf_sample_data, align 64 %3 = bitcast %struct.perf_sample_data* %2 to i8* %4 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.cpu_hw_events* nonnull @cpu_hw_events) #6, !srcloc !4 %5 = inttoptr i64 %4 to %struct.cpu_hw_events* %6 = load %struct.apic*, %struct.apic** @apic, align 8 %7 = getelementptr inbounds %struct.apic, %struct.apic* %6, i64 0, i32 2 %8 = load void (i32, i32)*, void (i32, i32)** %7, align 8 tail call void %8(i32 832, i32 1024) #69 %9 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 18), align 4 %10 = icmp sgt i32 %9, 0 br i1 %10, label %11, label %108 %12 = getelementptr inbounds %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 1, i64 0 %13 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 3 %14 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 4 %15 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 6, i32 0 %16 = getelementptr inbounds %struct.perf_sample_data, %struct.perf_sample_data* %2, i64 0, i32 5 br label %17 %18 = phi i64 [ 0, %11 ], [ %101, %99 ] %19 = phi i32 [ 0, %11 ], [ %100, %99 ] %20 = call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %18) #6, !srcloc !5 %21 = and i8 %20, 1 %22 = icmp eq i8 %21, 0 br i1 %22, label %99, label %23 %24 = getelementptr %struct.cpu_hw_events, %struct.cpu_hw_events* %5, i64 0, i32 0, i64 %18 %25 = load %struct.perf_event*, %struct.perf_event** %24, align 8 %26 = load i32, i32* getelementptr inbounds (%struct.x86_pmu, %struct.x86_pmu* @x86_pmu, i64 0, i32 20), align 4 %27 = sub i32 64, %26 %28 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 0, i32 0, i32 5 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 48 br i1 %30, label %57, label %31 %58 = phi i32 [ %56, %48 ], [ %26, %23 ] %59 = phi i64 [ %45, %48 ], [ 0, %23 ] %60 = add i32 %58, -1 %61 = zext i32 %60 to i64 %62 = shl nuw i64 1, %61 %63 = and i64 %62, %59 %64 = icmp eq i64 %63, 0 br i1 %64, label %65, label %99 %66 = add i32 %19, 1 %67 = getelementptr inbounds %struct.perf_event, %struct.perf_event* %25, i64 0, i32 26, i32 7 %68 = load i64, i64* %67, align 8 store i64 %68, i64* %13, align 8 store i64 0, i64* %14, align 32 store i64 84410401, i64* %15, align 16 store i64 0, i64* %16, align 8 %69 = call i32 @x86_perf_event_set_period(%struct.perf_event* %25) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %99, label %71 %72 = call i32 bitcast (i32 (%struct.perf_event.105278*, %struct.perf_sample_data*, %struct.pt_regs*)* @perf_event_overflow to i32 (%struct.perf_event*, %struct.perf_sample_data*, %struct.pt_regs*)*)(%struct.perf_event* %25, %struct.perf_sample_data* nonnull %2, %struct.pt_regs* %0) #69 Function:perf_event_overflow %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 50, i32 0 %5 = load volatile i32, i32* %4, align 4 %6 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 3, i32 0 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %42, label %9, !prof !4, !misexpect !5 %10 = tail call fastcc i32 @__perf_event_account_interrupt(%struct.perf_event.105278* %0, i32 1) #69 Function:__perf_event_account_interrupt %3 = tail call i64 asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @perf_throttled_seq) #4, !srcloc !4 %4 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 9 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %3, %5 br i1 %6, label %9, label %7 %10 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 26, i32 10 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, 1 store i64 %12, i64* %10, align 8 %13 = icmp eq i32 %1, 0 %14 = load i32, i32* @max_samples_per_tick, align 4 %15 = sext i32 %14 to i64 %16 = icmp ult i64 %12, %15 %17 = or i1 %13, %16 br i1 %17, label %19, label %18, !prof !5, !misexpect !6 tail call void asm "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @perf_throttled_count, i32* nonnull @perf_throttled_count) #6, !srcloc !7 store i64 -1, i64* %10, align 8 tail call fastcc void @perf_log_throttle(%struct.perf_event.105278* %0, i32 0) #69 Function:perf_log_throttle %3 = alloca %struct.perf_output_handle.105455, align 8 %4 = alloca %struct.perf_sample_data, align 64 %5 = alloca %struct.anon.212, align 8 %6 = bitcast %struct.perf_output_handle.105455* %3 to i8* %7 = bitcast %struct.perf_sample_data* %4 to i8* %8 = bitcast %struct.anon.212* %5 to i8* %9 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0 %10 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 0 store i32 5, i32* %10, align 8 %11 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 1 store i16 0, i16* %11, align 4 %12 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 0, i32 2 store i16 32, i16* %12, align 2 %13 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 1 %14 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 59 %15 = load i64 ()*, i64 ()** %14, align 8 %16 = tail call i64 %15() #69 store i64 %16, i64* %13, align 8 %17 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 2 %18 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 33 %19 = load %struct.perf_event.105278*, %struct.perf_event.105278** %18, align 8 %20 = icmp eq %struct.perf_event.105278* %19, null %21 = select i1 %20, %struct.perf_event.105278* %0, %struct.perf_event.105278* %19 %22 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %21, i64 0, i32 58 %23 = load i64, i64* %22, align 8 store i64 %23, i64* %17, align 8 %24 = getelementptr inbounds %struct.anon.212, %struct.anon.212* %5, i64 0, i32 3 %25 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 58 %26 = load i64, i64* %25, align 8 store i64 %26, i64* %24, align 8 %27 = icmp eq i32 %1, 0 br i1 %27, label %29, label %28 %30 = getelementptr inbounds %struct.perf_event.105278, %struct.perf_event.105278* %0, i64 0, i32 22, i32 6 %31 = load i64, i64* %30, align 8 %32 = and i64 %31, 262144 %33 = icmp eq i64 %32, 0 br i1 %33, label %37, label %34 %38 = phi i32 [ 32, %29 ], [ %36, %34 ] %39 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, %struct.perf_event.105845*, i32)* @perf_output_begin to i32 (%struct.perf_output_handle.105455*, %struct.perf_event.105278*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, %struct.perf_event.105278* %0, i32 %38) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %43 %42 = call i32 bitcast (i32 (%struct.perf_output_handle.105847*, i8*, i32)* @perf_output_copy to i32 (%struct.perf_output_handle.105455*, i8*, i32)*)(%struct.perf_output_handle.105455* nonnull %3, i8* nonnull %8, i32 32) #69 call void @perf_event__output_id_sample(%struct.perf_event.105278* %0, %struct.perf_output_handle.105455* nonnull %3, %struct.perf_sample_data* nonnull %4) #70 call void bitcast (void (%struct.perf_output_handle.105847*)* @perf_output_end to void (%struct.perf_output_handle.105455*)*)(%struct.perf_output_handle.105455* nonnull %3) #69 Function:perf_output_end %2 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 1 %3 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %4 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 7 %5 = load volatile i32, i32* %4, align 4 %6 = icmp ugt i32 %5, 1 br i1 %6, label %15, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 6, i32 0, i32 0 %9 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 30 %11 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %12 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %11, i64 0, i32 15 store volatile i64 %9, i64* %12, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %13 = load volatile i64, i64* %8, align 8 %14 = icmp eq i64 %9, %13 br i1 %14, label %23, label %17, !prof !8, !misexpect !9 store volatile i32 1, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %18 = load volatile i64, i64* %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = load %struct.perf_event_mmap_page*, %struct.perf_event_mmap_page** %10, align 8 %20 = getelementptr inbounds %struct.perf_event_mmap_page, %struct.perf_event_mmap_page* %19, i64 0, i32 15 store volatile i64 %18, i64* %20, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i32 0, i32* %4, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %21 = load volatile i64, i64* %8, align 8 %22 = icmp eq i64 %18, %21 br i1 %22, label %23, label %17, !prof !8, !misexpect !9 %24 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 2 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %3, i64 0, i32 9, i32 0, i32 0 %27 = load volatile i64, i64* %26, align 8 %28 = icmp eq i64 %25, %27 br i1 %28, label %38, label %29 %30 = load %struct.ring_buffer.105267*, %struct.ring_buffer.105267** %2, align 8 %31 = getelementptr inbounds %struct.ring_buffer.105267, %struct.ring_buffer.105267* %30, i64 0, i32 5, i32 0 store volatile i32 1, i32* %31, align 4 %32 = getelementptr inbounds %struct.perf_output_handle.105847, %struct.perf_output_handle.105847* %0, i64 0, i32 0 %33 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %34 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %33, i64 0, i32 46 store i32 1, i32* %34, align 8 %35 = load %struct.perf_event.105845*, %struct.perf_event.105845** %32, align 8 %36 = getelementptr inbounds %struct.perf_event.105845, %struct.perf_event.105845* %35, i64 0, i32 49 %37 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %36) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 pm_runtime_set_autosuspend_delay 12 autosuspend_store ------------- Path:  Function:autosuspend_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.6.48570, i64 0, i64 0), i32* nonnull %5) #69 %8 = icmp ne i32 %7, 1 %9 = load i32, i32* %5, align 4 %10 = add i32 %9, 2147482 %11 = icmp ugt i32 %10, 4294964 %12 = or i1 %8, %11 br i1 %12, label %15, label %13 %14 = mul nsw i32 %9, 1000 call void bitcast (void (%struct.device.515067*, i32)* @pm_runtime_set_autosuspend_delay to void (%struct.device.558672*, i32)*)(%struct.device.558672* %0, i32 %14) #70 Function:pm_runtime_set_autosuspend_delay %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %4 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %3, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %4) #69 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %6 = load i32, i32* %5, align 4 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = lshr i16 %8, 11 %10 = and i16 %9, 1 store i32 %1, i32* %5, align 4 %11 = and i16 %8, 2048 %12 = icmp ne i16 %11, 0 %13 = icmp slt i32 %1, 0 %14 = and i1 %13, %12 br i1 %14, label %15, label %22 %23 = icmp ne i16 %10, 0 %24 = icmp slt i32 %6, 0 %25 = and i1 %24, %23 br i1 %25, label %26, label %28 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %27, i32* %27) #6, !srcloc !5 br label %28 %29 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %0, i32 8) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 d3cold_allowed_store ------------- Path:  Function:d3cold_allowed_store %5 = alloca i64, align 8 %6 = getelementptr %struct.device.27509, %struct.device.27509* %0, i64 -1, i32 16 %7 = bitcast %struct.dma_map_ops.27502** %6 to %struct.pci_dev.291277* %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #69 %10 = icmp slt i32 %9, 0 br i1 %10, label %24, label %11 %12 = load i64, i64* %5, align 8 %13 = icmp eq i64 %12, 0 %14 = getelementptr inbounds %struct.pci_dev.291277, %struct.pci_dev.291277* %7, i64 0, i32 31 %15 = bitcast i24* %14 to i32* %16 = load i32, i32* %15, align 2 %17 = select i1 %13, i32 0, i32 2048 %18 = and i32 %16, -2049 %19 = or i32 %18, %17 store i32 %19, i32* %15, align 2 br i1 %13, label %21, label %20 call void @pci_d3cold_disable(%struct.pci_dev.291277* %7) #69 br label %22 %23 = call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.27509*, i32)*)(%struct.device.27509* %0, i32 0) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 blk_queue_enter 15 blk_mq_alloc_request 16 blk_get_request 17 bsg_ioctl ------------- Path:  Function:bsg_ioctl %4 = alloca %struct.sg_io_v4, align 8 %5 = getelementptr inbounds %struct.file.282634, %struct.file.282634* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.bsg_device** %7 = load %struct.bsg_device*, %struct.bsg_device** %6, align 8 %8 = inttoptr i64 %2 to i8* switch i32 %1, label %154 [ i32 8816, label %9 i32 8817, label %15 i32 8834, label %33 i32 21378, label %33 i32 21382, label %33 i32 8705, label %33 i32 8706, label %33 i32 8818, label %33 i32 8821, label %33 i32 8707, label %33 i32 8837, label %40 i32 1, label %147 ] %41 = getelementptr inbounds %struct.bsg_device, %struct.bsg_device* %7, i64 0, i32 0 %42 = load %struct.request_queue.282792*, %struct.request_queue.282792** %41, align 8 %43 = getelementptr inbounds %struct.file.282634, %struct.file.282634* %0, i64 0, i32 8 %44 = load i32, i32* %43, align 4 %45 = bitcast %struct.sg_io_v4* %4 to i8* %46 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 160) #69 %47 = icmp eq i64 %46, 0 br i1 %47, label %48, label %144 %49 = getelementptr inbounds %struct.request_queue.282792, %struct.request_queue.282792* %42, i64 0, i32 52, i32 0 %50 = load %struct.device.282731*, %struct.device.282731** %49, align 8 %51 = icmp eq %struct.device.282731* %50, null br i1 %51, label %144, label %52 %53 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 0 %54 = load i32, i32* %53, align 8 %55 = icmp eq i32 %54, 81 br i1 %55, label %56, label %144 %57 = getelementptr inbounds %struct.request_queue.282792, %struct.request_queue.282792* %42, i64 0, i32 52, i32 3 %58 = load %struct.bsg_ops.282790*, %struct.bsg_ops.282790** %57, align 8 %59 = getelementptr inbounds %struct.bsg_ops.282790, %struct.bsg_ops.282790* %58, i64 0, i32 0 %60 = load i32 (%struct.sg_io_v4*)*, i32 (%struct.sg_io_v4*)** %59, align 8 %61 = call i32 %60(%struct.sg_io_v4* nonnull %4) #69 %62 = icmp eq i32 %61, 0 br i1 %62, label %63, label %144 %64 = getelementptr inbounds %struct.sg_io_v4, %struct.sg_io_v4* %4, i64 0, i32 12 %65 = load i32, i32* %64, align 4 %66 = icmp eq i32 %65, 0 %67 = select i1 %66, i32 32, i32 33 %68 = call %struct.request.282762* bitcast (%struct.request.272936* (%struct.request_queue.272970*, i32, i32)* @blk_get_request to %struct.request.282762* (%struct.request_queue.282792*, i32, i32)*)(%struct.request_queue.282792* %42, i32 %67, i32 0) #69 Function:blk_get_request %4 = and i32 %1, 2097152 %5 = icmp eq i32 %4, 0 br i1 %5, label %7, label %6, !prof !4, !misexpect !5 %8 = and i32 %2, -10 %9 = icmp eq i32 %8, 0 br i1 %9, label %11, label %10, !prof !4, !misexpect !5 %12 = tail call %struct.request.272936* @blk_mq_alloc_request(%struct.request_queue.272970* %0, i32 %1, i32 %2) #69 Function:blk_mq_alloc_request %4 = alloca %struct.blk_mq_alloc_data.272937, align 8 %5 = bitcast %struct.blk_mq_alloc_data.272937* %4 to i8* %6 = getelementptr inbounds %struct.blk_mq_alloc_data.272937, %struct.blk_mq_alloc_data.272937* %4, i64 0, i32 1 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.blk_mq_alloc_data.272937, %struct.blk_mq_alloc_data.272937* %4, i64 0, i32 3 store i32 %1, i32* %7, align 8 %8 = tail call i32 @blk_queue_enter(%struct.request_queue.272970* %0, i32 %2) #69 Function:blk_queue_enter %3 = alloca %struct.wait_queue_entry, align 8 %4 = and i32 %1, 8 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56 %7 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56, i32 1 %8 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %6, i64 0, i32 0, i32 0 %9 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 15, i32 0 %10 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 56, i32 2 %11 = and i32 %1, 1 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 51 %14 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 21 %15 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 22 %16 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %17 = bitcast %struct.wait_queue_entry* %3 to i8* %18 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 54 br label %19 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = load volatile i64, i64* %7, align 8 %21 = and i64 %20, 3 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %25, !prof !6, !misexpect !7 %26 = and i64 %20, 2 %27 = icmp eq i64 %26, 0 br i1 %27, label %29, label %28 %30 = load volatile i64, i64* %8, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %42, label %32, !prof !10, !misexpect !7 %33 = phi i64 [ %40, %39 ], [ %30, %29 ] %34 = add i64 %33, 1 %35 = call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64 %34, i64* %8, i64 %33) #6, !srcloc !11 %36 = extractvalue { i8, i64 } %35, 0 %37 = and i8 %36, 1 %38 = icmp eq i8 %37, 0 br i1 %38, label %39, label %43, !prof !10, !misexpect !7 %40 = extractvalue { i8, i64 } %35, 1 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %32, !prof !10, !misexpect !7 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 br label %63 br i1 %12, label %64, label %113 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !15 %65 = call i32 @_cond_resched() #69 %66 = load i32, i32* %13, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %81 %82 = load volatile i64, i64* %16, align 8 %83 = and i64 %82, 2 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %109 call void @init_wait_entry(%struct.wait_queue_entry* nonnull %3, i32 0) #69 br label %86 %87 = call i64 @prepare_to_wait_event(%struct.wait_queue_head* %18, %struct.wait_queue_entry* nonnull %3, i32 2) #69 %88 = load i32, i32* %13, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %103 br i1 %5, label %91, label %108 %92 = load %struct.device.272894*, %struct.device.272894** %14, align 8 %93 = icmp eq %struct.device.272894* %92, null br i1 %93, label %100, label %94 %95 = load i32, i32* %15, align 8 %96 = and i32 %95, -2 %97 = icmp eq i32 %96, 2 br i1 %97, label %98, label %100 %99 = call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.272894*, i32)*)(%struct.device.272894* nonnull %92, i32 1) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 rpm_suspend 10 rpm_idle 11 __rpm_callback 12 rpm_resume 13 __pm_runtime_resume 14 intel_runtime_pm_get 15 i915_forcewake_open ------------- Path:  Function:i915_forcewake_open %3 = getelementptr inbounds %struct.inode.379433, %struct.inode.379433* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.388303** %5 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 1, i32 1 %7 = load i8, i8* %6, align 2 %8 = icmp ult i8 %7, 6 br i1 %8, label %16, label %9 %10 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 111 %11 = tail call i32 @intel_runtime_pm_get(%struct.intel_runtime_pm* %10) #69 Function:intel_runtime_pm_get %2 = getelementptr inbounds %struct.intel_runtime_pm, %struct.intel_runtime_pm* %0, i64 0, i32 1 %3 = load %struct.device.379499*, %struct.device.379499** %2, align 8 %4 = tail call i32 bitcast (i32 (%struct.device.515067*, i32)* @__pm_runtime_resume to i32 (%struct.device.379499*, i32)*)(%struct.device.379499* %3, i32 4) #69 Function:__pm_runtime_resume %3 = and i32 %1, 1 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %16 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 br i1 %9, label %10, label %16 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 br i1 %13, label %16, label %14 %17 = and i32 %1, 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %21, label %19 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3, i32 0, i32 0 %23 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %22) #69 %24 = tail call fastcc i32 @rpm_resume(%struct.device.515067* %0, i32 %1) #70 Function:rpm_resume %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_resume_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %10 = bitcast %struct.wait_queue_entry* %3 to i8* %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %13 = bitcast i8** %12 to %struct.task_struct** %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %15 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %15, i64 0, i32 0 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %18 = and i32 %1, 3 %19 = icmp eq i32 %18, 0 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %21 = bitcast %struct.spinlock* %20 to i8* %22 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 1 %25 = and i32 %1, 1 %26 = icmp eq i32 %25, 0 br label %27 %28 = phi %struct.device.515067* [ %114, %134 ], [ null, %2 ] %29 = load i32, i32* %4, align 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %295 %32 = load i16, i16* %5, align 8 %33 = and i16 %32, 7 switch i16 %33, label %295 [ i16 1, label %34 i16 0, label %43 ] store i32 0, i32* %6, align 8 %44 = and i16 %32, 4096 %45 = icmp eq i16 %44, 0 br i1 %45, label %46, label %51 %47 = load i64, i64* %7, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %51, label %49 %50 = call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #70 store i64 0, i64* %7, align 8 br label %51 %52 = load i32, i32* %9, align 4 switch i32 %52, label %74 [ i32 0, label %295 i32 1, label %53 i32 3, label %53 ] %75 = load i16, i16* %5, align 8 %76 = and i16 %75, 512 %77 = icmp eq i16 %76, 0 %78 = icmp ne %struct.device.515067* %28, null %79 = or i1 %78, %77 br i1 %79, label %102, label %80 %81 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %82 = icmp eq %struct.device.515067* %81, null br i1 %82, label %102, label %83 br i1 %26, label %112, label %103 br i1 %78, label %138, label %113 %114 = load %struct.device.515067*, %struct.device.515067** %24, align 8 %115 = icmp eq %struct.device.515067* %114, null br i1 %115, label %138, label %116 %117 = load i16, i16* %5, align 8 %118 = and i16 %117, 1024 %119 = icmp eq i16 %118, 0 br i1 %119, label %120, label %138 %139 = phi %struct.device.515067* [ %28, %112 ], [ %114, %116 ], [ null, %113 ] %140 = load i16, i16* %5, align 8 %141 = and i16 %140, 512 %142 = icmp eq i16 %141, 0 br i1 %142, label %143, label %259 %144 = and i16 %140, 7 %145 = icmp eq i16 %144, 0 br i1 %145, label %146, label %163 store i32 1, i32* %9, align 4 %164 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %165 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %164, align 8 %166 = icmp eq %struct.dev_pm_domain.515054* %165, null br i1 %166, label %167, label %191 %192 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %165, i64 0, i32 0 br label %193 %194 = phi %struct.dev_pm_ops.515030* [ %192, %191 ], [ %189, %187 ], [ %181, %179 ], [ %173, %171 ] %195 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %194, i64 0, i32 21 %196 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %195, align 8 %197 = icmp eq i32 (%struct.device.515067*)* %196, null br i1 %197, label %199, label %198 call void @dev_pm_disable_wake_irq_check(%struct.device.515067* %0) #70 br label %212 %213 = phi i32 (%struct.device.515067*)* [ %196, %198 ], [ %210, %208 ] %214 = load i16, i16* %5, align 8 %215 = and i16 %214, 8192 %216 = icmp eq i16 %215, 0 br i1 %216, label %227, label %217 %228 = call fastcc i32 @__rpm_callback(i32 (%struct.device.515067*)* nonnull %213, %struct.device.515067* %0) #70 Function:__rpm_callback %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 16 %4 = load i32, i32* %3, align 4 %5 = icmp eq i32 %4, 0 %6 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 15 %7 = load i16, i16* %6, align 8 %8 = and i16 %7, 1024 %9 = icmp eq i16 %8, 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 3 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6 %11 = bitcast %struct.spinlock* %10 to i8* store volatile i8 0, i8* %11, align 1 br i1 %9, label %13, label %12 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %5, label %65, label %14 %15 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 11, i32 18 %16 = load i32, i32* %15, align 4 %17 = icmp eq i32 %16, 1 br i1 %17, label %18, label %65 %19 = tail call i32 @device_links_read_lock() #69 %20 = tail call fastcc i32 @rpm_get_suppliers(%struct.device.515067* %1) #70 %21 = icmp eq i32 %20, 0 br i1 %21, label %64, label %22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %1, i64 0, i32 10, i32 0 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %121, label %28 %29 = phi i64 [ %61, %55 ], [ %25, %22 ] %30 = inttoptr i64 %29 to i8* %31 = getelementptr i8, i8* %30, i64 -32 %32 = getelementptr i8, i8* %30, i64 24 %33 = bitcast i8* %32 to %union.anon.21* %34 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %35 = bitcast i8* %31 to %struct.device.515067** %36 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %34, label %37, label %55 %38 = phi %struct.device.515067* [ %54, %52 ], [ %36, %28 ] %39 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %38, i64 0, i32 11, i32 13, i32 0 %40 = load volatile i32, i32* %39, align 4 %41 = icmp eq i32 %40, 0 br i1 %41, label %52, label %42, !prof !7, !misexpect !8 %43 = phi i32 [ %50, %49 ], [ %40, %37 ] %44 = add i32 %43, -1 %45 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %39, i32 %44, i32* %39, i32 %43) #6, !srcloc !9 %46 = extractvalue { i8, i32 } %45, 0 %47 = and i8 %46, 1 %48 = icmp eq i8 %47, 0 br i1 %48, label %49, label %52, !prof !7, !misexpect !8 %50 = extractvalue { i8, i32 } %45, 1 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %42, !prof !7, !misexpect !8 %53 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %33) #69 %54 = load %struct.device.515067*, %struct.device.515067** %35, align 8 br i1 %53, label %37, label %55 %56 = phi %struct.device.515067* [ %36, %28 ], [ %54, %52 ] %57 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %56, i64 0, i32 11, i32 3, i32 0, i32 0 %58 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %57) #69 %59 = tail call fastcc i32 @rpm_idle(%struct.device.515067* %56, i32 1) #69 Function:rpm_idle tail call fastcc void @trace_rpm_idle_rcuidle(%struct.device.515067* %0, i32 %1) #69 %3 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %140 %7 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %8 = load i16, i16* %7, align 8 %9 = and i16 %8, 7 %10 = icmp eq i16 %9, 0 br i1 %10, label %11, label %140 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %13 = load volatile i32, i32* %12, align 4 %14 = icmp sgt i32 %13, 0 br i1 %14, label %140, label %15 %16 = and i16 %8, 256 %17 = icmp eq i16 %16, 0 br i1 %17, label %18, label %22 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %140 %23 = and i16 %8, 32 %24 = icmp eq i16 %23, 0 br i1 %24, label %29, label %25 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 3 br i1 %28, label %140, label %29 %30 = and i16 %8, 16 %31 = icmp eq i16 %30, 0 br i1 %31, label %36, label %32 %33 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %34 = load i32, i32* %33, align 8 %35 = icmp eq i32 %34, 4 br i1 %35, label %140, label %36 %37 = tail call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %38 = icmp eq i32 %37, 0 br i1 %38, label %140, label %39 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, 2 %43 = icmp eq i32 %41, 0 br i1 %43, label %44, label %140 %45 = load i16, i16* %7, align 8 %46 = and i16 %45, 16 %47 = icmp eq i16 %46, 0 br i1 %47, label %52, label %48 %53 = and i16 %45, 8 %54 = icmp ne i16 %53, 0 %55 = or i1 %42, %54 %56 = select i1 %54, i32 -115, i32 1 br i1 %55, label %140, label %57 %58 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 store i32 0, i32* %58, align 8 %59 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %60 = load %struct.dev_pm_domain.515054*, %struct.dev_pm_domain.515054** %59, align 8 %61 = icmp eq %struct.dev_pm_domain.515054* %60, null br i1 %61, label %62, label %86 %87 = getelementptr inbounds %struct.dev_pm_domain.515054, %struct.dev_pm_domain.515054* %60, i64 0, i32 0 br label %88 %89 = phi %struct.dev_pm_ops.515030* [ %87, %86 ], [ %84, %82 ], [ %76, %74 ], [ %68, %66 ] %90 = getelementptr %struct.dev_pm_ops.515030, %struct.dev_pm_ops.515030* %89, i64 0, i32 22 %91 = load i32 (%struct.device.515067*)*, i32 (%struct.device.515067*)** %90, align 8 %92 = icmp eq i32 (%struct.device.515067*)* %91, null br i1 %92, label %93, label %105 %106 = phi i32 (%struct.device.515067*)* [ %103, %101 ], [ %91, %88 ] %107 = and i16 %45, 512 %108 = icmp eq i16 %107, 0 br i1 %108, label %109, label %139 tail call fastcc void @trace_rpm_return_int_rcuidle(%struct.device.515067* %0, i64 ptrtoint (i8* blockaddress(@rpm_idle, %142) to i64), i32 0) #69 br label %144 %145 = or i32 %1, 8 %146 = tail call fastcc i32 @rpm_suspend(%struct.device.515067* %0, i32 %145) #69 Function:rpm_suspend %3 = alloca %struct.wait_queue_entry, align 8 tail call fastcc void @trace_rpm_suspend_rcuidle(%struct.device.515067* %0, i32 %1) #69 %4 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 19 %5 = load i32, i32* %4, align 8 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %361 %8 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 15 %9 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 13, i32 0 %10 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 14, i32 0 %11 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 18 %12 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 17 %13 = and i32 %1, 1 %14 = icmp eq i32 %13, 0 %15 = and i32 %1, 8 %16 = icmp eq i32 %15, 0 %17 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 20 %18 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 21 %19 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 9 %20 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 8 %21 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 24 %22 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 22 %23 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 23 %24 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 12 %25 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 4 %26 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 31 %27 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 5 %28 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 11 %30 = bitcast %struct.wait_queue_entry* %3 to i8* %31 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 %32 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %33 = bitcast i8** %32 to %struct.task_struct** %34 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 %35 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %36 = getelementptr inbounds %struct.list_head, %struct.list_head* %35, i64 0, i32 0 %37 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 %38 = and i32 %1, 3 %39 = icmp eq i32 %38, 0 %40 = getelementptr inbounds %struct.device.515067, %struct.device.515067* %0, i64 0, i32 11, i32 3 %41 = bitcast %struct.spinlock* %40 to i8* %42 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %40, i64 0, i32 0, i32 0 br label %43 %44 = load i16, i16* %8, align 8 %45 = and i16 %44, 7 %46 = icmp eq i16 %45, 0 br i1 %46, label %47, label %361 %48 = load volatile i32, i32* %9, align 4 %49 = icmp sgt i32 %48, 0 br i1 %49, label %361, label %50 %51 = and i16 %44, 256 %52 = icmp eq i16 %51, 0 br i1 %52, label %53, label %56 %54 = load volatile i32, i32* %10, align 4 %55 = icmp eq i32 %54, 0 br i1 %55, label %56, label %361 %57 = and i16 %44, 32 %58 = icmp eq i16 %57, 0 br i1 %58, label %62, label %59 %60 = load i32, i32* %11, align 4 %61 = icmp eq i32 %60, 3 br i1 %61, label %361, label %62 %63 = and i16 %44, 16 %64 = icmp eq i16 %63, 0 br i1 %64, label %68, label %65 %66 = load i32, i32* %12, align 8 %67 = icmp eq i32 %66, 4 br i1 %67, label %361, label %68 %69 = call i32 bitcast (i32 (%struct.device.514863*)* @__dev_pm_qos_resume_latency to i32 (%struct.device.515067*)*)(%struct.device.515067* %0) #70 %70 = icmp eq i32 %69, 0 br i1 %70, label %361, label %71 %72 = load i32, i32* %11, align 4 %73 = icmp eq i32 %72, 2 %74 = icmp eq i32 %72, 1 %75 = and i1 %14, %74 %76 = or i1 %73, %75 br i1 %76, label %359, label %77 %78 = icmp eq i32 %72, 3 %79 = or i1 %16, %78 br i1 %79, label %105, label %80 %81 = load i16, i16* %8, align 8 %82 = and i16 %81, 2048 %83 = icmp eq i16 %82, 0 br i1 %83, label %105, label %84 %85 = load volatile i32, i32* %17, align 4 %86 = icmp slt i32 %85, 0 br i1 %86, label %105, label %87 %88 = load volatile i64, i64* %18, align 8 %89 = zext i32 %85 to i64 %90 = mul nuw nsw i64 %89, 1000000 %91 = add i64 %88, %90 %92 = call i64 @ktime_get_mono_fast_ns() #70 %93 = icmp ugt i64 %91, %92 br i1 %93, label %94, label %105 store i32 0, i32* %12, align 8 %95 = load i64, i64* %19, align 8 %96 = add i64 %95, -1 %97 = icmp ult i64 %96, %91 br i1 %97, label %102, label %98 %99 = load volatile i32, i32* %17, align 4 %100 = sext i32 %99 to i64 %101 = mul nsw i64 %100, 250000 store i64 %91, i64* %19, align 8 call void @hrtimer_start_range_ns(%struct.hrtimer* %20, i64 %91, i64 %101, i32 0) #70 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __ia32_sys_timerfd_gettime32 ------------- Path:  Function:__ia32_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __x64_sys_timerfd_gettime32 ------------- Path:  Function:__x64_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.old_itimerspec32** %7 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __ia32_sys_timerfd_gettime ------------- Path:  Function:__ia32_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_gettime 10 __x64_sys_timerfd_gettime ------------- Path:  Function:__x64_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.itimerspec64** %7 = load %struct.itimerspec64*, %struct.itimerspec64** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %42 = bitcast %struct.timerfd_ctx* %19 to %struct.hrtimer* %43 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %44 = bitcast %struct.rb_node** %43 to %struct.hrtimer_clock_base** %45 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %44, align 8 %46 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %45, i64 0, i32 6 %47 = load i64 ()*, i64 ()** %46, align 16 %48 = tail call i64 %47() #69 %49 = tail call i64 @hrtimer_forward(%struct.hrtimer* %42, i64 %48, i64 %27) #69 %50 = add i64 %49, -1 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 4 %52 = load i64, i64* %51, align 8 %53 = add i64 %50, %52 store i64 %53, i64* %51, align 8 %54 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %55 = load i64, i64* %54, align 8 %56 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0, i32 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = sub i64 %57, %55 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %42, i64 %55, i64 %58, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime32 ------------- Path:  Function:__ia32_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.old_itimerspec32* %15 = inttoptr i64 %13 to %struct.old_itimerspec32* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime32 ------------- Path:  Function:__x64_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.old_itimerspec32** %10 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_timerfd_settime 10 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %81, i64 %160, i64 0, i32 %154) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %110, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call %struct.task_struct.138679* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.138679** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.138679**)) #10, !srcloc !4 %26 = bitcast i8** %24 to %struct.task_struct.138679** store %struct.task_struct.138679* %25, %struct.task_struct.138679** %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 0 store %struct.list_head* %28, %struct.list_head** %29, align 8 %30 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %28, %struct.list_head** %30, align 8 br label %31 %32 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %37 %38 = load %struct.list_head*, %struct.list_head** %30, align 8 %39 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 1 store %struct.list_head* %38, %struct.list_head** %41, align 8 %42 = ptrtoint %struct.list_head* %40 to i64 %43 = bitcast %struct.list_head* %38 to i64* store volatile i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.task_struct.138679, %struct.task_struct.138679* %25, i64 0, i32 1 store volatile i64 0, i64* %44, align 16 %45 = sext i32 %32 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %37 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %83 = bitcast %struct.timerfd_ctx* %8 to %struct.hrtimer* %84 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 2 %85 = bitcast %struct.rb_node** %84 to %struct.hrtimer_clock_base** %86 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %85, align 8 %87 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %86, i64 0, i32 6 %88 = load i64 ()*, i64 ()** %87, align 16 %89 = call i64 %88() #69 %90 = call i64 @hrtimer_forward(%struct.hrtimer* %83, i64 %89, i64 %70) #69 %91 = add i64 %62, -1 %92 = add i64 %91, %90 %93 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 %94 = load i64, i64* %93, align 8 %95 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0, i32 0, i32 1 %96 = load i64, i64* %95, align 8 %97 = sub i64 %96, %94 call void @hrtimer_start_range_ns(%struct.hrtimer* %83, i64 %94, i64 %97, i32 0) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __ia32_compat_sys_setitimer ------------- Path:  Function:__ia32_compat_sys_setitimer %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %5 to i32 %13 = inttoptr i64 %11 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = icmp eq i64 %8, 0 br i1 %16, label %21, label %17 br label %22 %23 = icmp ne i64 %11, 0 %24 = select i1 %23, %struct.itimerspec64* %3, %struct.itimerspec64* null %25 = call i32 @do_setitimer(i32 %12, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* %24) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __se_sys_setitimer 11 __ia32_sys_setitimer ------------- Path:  Function:__ia32_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setitimer(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_setitimer %4 = alloca %struct.itimerspec64, align 8 %5 = alloca %struct.itimerspec64, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.itimerspec64* %4 to i8* %8 = bitcast %struct.itimerspec64* %5 to i8* %9 = icmp eq i64 %1, 0 br i1 %9, label %14, label %10 %15 = load i1, i1* @__do_sys_setitimer.__print_once, align 1 br i1 %15, label %20, label %16 store i1 true, i1* @__do_sys_setitimer.__print_once, align 1 %17 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %17, i64 0, i32 80, i64 0 %19 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.8999, i64 0, i64 0), i8* %18) #70 br label %20 %21 = icmp ne i64 %2, 0 %22 = select i1 %21, %struct.itimerspec64* %5, %struct.itimerspec64* null %23 = call i32 @do_setitimer(i32 %6, %struct.itimerspec64* nonnull %4, %struct.itimerspec64* %22) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __se_sys_setitimer 11 __x64_sys_setitimer ------------- Path:  Function:__x64_sys_setitimer %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setitimer(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_setitimer %4 = alloca %struct.itimerspec64, align 8 %5 = alloca %struct.itimerspec64, align 8 %6 = trunc i64 %0 to i32 %7 = bitcast %struct.itimerspec64* %4 to i8* %8 = bitcast %struct.itimerspec64* %5 to i8* %9 = icmp eq i64 %1, 0 br i1 %9, label %14, label %10 %15 = load i1, i1* @__do_sys_setitimer.__print_once, align 1 br i1 %15, label %20, label %16 store i1 true, i1* @__do_sys_setitimer.__print_once, align 1 %17 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %17, i64 0, i32 80, i64 0 %19 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([88 x i8], [88 x i8]* @.str.3.8999, i64 0, i64 0), i8* %18) #70 br label %20 %21 = icmp ne i64 %2, 0 %22 = select i1 %21, %struct.itimerspec64* %5, %struct.itimerspec64* null %23 = call i32 @do_setitimer(i32 %6, %struct.itimerspec64* nonnull %4, %struct.itimerspec64* %22) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __ia32_sys_alarm ------------- Path:  Function:__ia32_sys_alarm %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = bitcast %struct.itimerspec64* %2 to i8* %8 = bitcast %struct.itimerspec64* %3 to i8* %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 store i64 %6, i64* %9, align 8 %10 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call i32 @do_setitimer(i32 0, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_setitimer 10 __x64_sys_alarm ------------- Path:  Function:__x64_sys_alarm %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = bitcast %struct.itimerspec64* %2 to i8* %7 = bitcast %struct.itimerspec64* %3 to i8* %8 = and i64 %5, 4294967295 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 store i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 store i64 0, i64* %10, align 8 %11 = call i32 @do_setitimer(i32 0, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_setitimer %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 0 %6 = load i64, i64* %5, align 8 %7 = icmp sgt i64 %6, -1 br i1 %7, label %8, label %104 %9 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 1, i32 1 %10 = load i64, i64* %9, align 8 %11 = icmp ult i64 %10, 1000000 br i1 %11, label %12, label %104 %13 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp sgt i64 %14, -1 br i1 %15, label %16, label %104 %17 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %1, i64 0, i32 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000 br i1 %19, label %20, label %104 switch i32 %0, label %104 [ i32 0, label %21 i32 1, label %102 i32 2, label %103 ] %22 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 88 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 87 %24 = icmp eq %struct.itimerspec64* %2, null %25 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %26 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %27 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %28 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %29 = bitcast %struct.sighand_struct** %22 to i8** br label %30 %31 = load %struct.sighand_struct*, %struct.sighand_struct** %22, align 32 %32 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %31, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %32) #69 %33 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %34 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %33, i64 0, i32 16 br i1 %24, label %50, label %35 %51 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %34) #69 %52 = icmp slt i32 %51, 0 br i1 %52, label %53, label %55 %56 = load i64, i64* %5, align 8 %57 = load i64, i64* %9, align 8 %58 = mul i64 %57, 1000 %59 = icmp sgt i64 %56, 9223372035 %60 = mul i64 %56, 1000000000 %61 = add i64 %58, %60 %62 = select i1 %59, i64 9223372036854775807, i64 %61, !prof !9 %63 = icmp eq i64 %62, 0 br i1 %63, label %74, label %64 %65 = load i64, i64* %13, align 8 %66 = load i64, i64* %17, align 8 %67 = mul i64 %66, 1000 %68 = icmp sgt i64 %65, 9223372035 %69 = mul i64 %65, 1000000000 %70 = add i64 %67, %69 %71 = select i1 %68, i64 9223372036854775807, i64 %70, !prof !9 %72 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %23, align 8 %73 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %72, i64 0, i32 17 store i64 %71, i64* %73, align 8 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %34, i64 %62, i64 0, i32 1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep_time32 ------------- Path:  Function:__ia32_sys_nanosleep_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %8 to %struct.util_est* %10 = bitcast %struct.anon.54* %2 to i8* %11 = inttoptr i64 %5 to i8* %12 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* %11) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp eq i64 %8, 0 %24 = select i1 %23, i32 0, i32 2 %25 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1 %27 = bitcast %union.anon.30* %26 to %struct.anon.27.79146* %28 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.util_est** store %struct.util_est* %9, %struct.util_est** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep_time32 ------------- Path:  Function:__x64_sys_nanosleep_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.util_est* %9 = bitcast %struct.anon.54* %2 to i8* %10 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp eq i64 %7, 0 %22 = select i1 %21, i32 0, i32 2 %23 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1 %25 = bitcast %union.anon.30* %24 to %struct.anon.27.79146* %26 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.util_est** store %struct.util_est* %8, %struct.util_est** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __ia32_sys_nanosleep ------------- Path:  Function:__ia32_sys_nanosleep %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to %struct.anon.54* %10 = inttoptr i64 %8 to %struct.anon.54* %11 = bitcast %struct.anon.54* %2 to i8* %12 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* %9) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %32 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %32, label %18 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %32 %23 = icmp ne i64 %8, 0 %24 = zext i1 %23 to i32 %25 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1 %27 = bitcast %union.anon.30* %26 to %struct.anon.27.79146* %28 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %27, i64 0, i32 1 store i32 %24, i32* %28, align 4 %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %25, i64 0, i32 47, i32 1, i32 0, i32 1 %30 = bitcast i32* %29 to %struct.anon.54** store %struct.anon.54* %10, %struct.anon.54** %30, align 8 %31 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 do_nanosleep 10 hrtimer_nanosleep 11 __x64_sys_nanosleep ------------- Path:  Function:__x64_sys_nanosleep %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to %struct.anon.54** %5 = load %struct.anon.54*, %struct.anon.54** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.54* %9 = bitcast %struct.anon.54* %2 to i8* %10 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* %5) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %30 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %14 = load i64, i64* %13, align 8 %15 = icmp slt i64 %14, 0 br i1 %15, label %30, label %16 %17 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ult i64 %18, 1000000000 br i1 %19, label %20, label %30 %21 = icmp ne i64 %7, 0 %22 = zext i1 %21 to i32 %23 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1 %25 = bitcast %union.anon.30* %24 to %struct.anon.27.79146* %26 = getelementptr inbounds %struct.anon.27.79146, %struct.anon.27.79146* %25, i64 0, i32 1 store i32 %22, i32* %26, align 4 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %23, i64 0, i32 47, i32 1, i32 0, i32 1 %28 = bitcast i32* %27 to %struct.anon.54** store %struct.anon.54* %8, %struct.anon.54** %28, align 8 %29 = call i64 @hrtimer_nanosleep(%struct.anon.54* nonnull %2, i32 1, i32 1) #69 Function:hrtimer_nanosleep %4 = alloca %struct.hrtimer_sleeper.79143, align 8 %5 = bitcast %struct.hrtimer_sleeper.79143* %4 to i8* %6 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 15 %8 = load i32, i32* %7, align 4 %9 = icmp sgt i32 %8, -1 br i1 %9, label %10, label %14 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %6, i64 0, i32 151 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i32 %8, 99 br i1 %13, label %15, label %14 %16 = phi i64 [ 0, %14 ], [ %12, %10 ] call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %2, i32 %1) #69 %17 = getelementptr %struct.anon.54, %struct.anon.54* %0, i64 0, i32 0 %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp sgt i64 %18, 9223372035 %22 = mul i64 %18, 1000000000 %23 = add i64 %22, %20 %24 = select i1 %21, i64 9223372036854775807, i64 %23, !prof !5 %25 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 1 store i64 %24, i64* %25, align 8 %26 = add i64 %24, %16 %27 = icmp slt i64 %26, 0 %28 = icmp slt i64 %26, %24 %29 = or i1 %27, %28 %30 = icmp slt i64 %26, %16 %31 = or i1 %30, %29 %32 = select i1 %31, i64 9223372036854775807, i64 %26 %33 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %4, i64 0, i32 0, i32 0, i32 1 store i64 %32, i64* %33, align 8 %34 = call fastcc i32 @do_nanosleep(%struct.hrtimer_sleeper.79143* nonnull %4, i32 %1) #70 Function:do_nanosleep %3 = alloca i64, align 8 %4 = alloca %struct.anon.54, align 8 %5 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 1 %7 = bitcast i64* %3 to i8* %8 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %9 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %10 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %11 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 1 %12 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 4 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %5, i64 0, i32 0, i32 0 br label %14 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 %25 = load i32, i32* %12, align 4 %26 = or i32 %25, 1073741824 store i32 %26, i32* %12, align 4 tail call void @schedule() #69 %27 = load i32, i32* %12, align 4 %28 = and i32 %27, -1073741825 store i32 %28, i32* %12, align 4 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %29 = tail call i32 @_cond_resched() #69 %30 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @system_freezing_cnt, i64 0, i32 0), align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %36, label %32, !prof !9, !misexpect !7 %33 = tail call zeroext i1 bitcast (i1 (%struct.task_struct.43108*)* @freezing_slow_path to i1 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* %5) #69 br i1 %33, label %34, label %36, !prof !6, !misexpect !7 %35 = tail call zeroext i1 @__refrigerator(i1 zeroext false) #69 br label %36 %37 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %38 = icmp slt i32 %37, 0 br i1 %38, label %39, label %42 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %40 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %8) #69 %41 = icmp slt i32 %40, 0 br i1 %41, label %39, label %42 %43 = load %struct.task_struct.54204*, %struct.task_struct.54204** %11, align 8 %44 = icmp eq %struct.task_struct.54204* %43, null br i1 %44, label %49, label %45 %46 = load volatile i64, i64* %13, align 8 %47 = and i64 %46, 4 %48 = icmp eq i64 %47, 0 br i1 %48, label %14, label %49 %15 = phi i32 [ %1, %2 ], [ 0, %45 ] store volatile i64 1, i64* %3, align 8 %16 = load volatile i64, i64* %3, align 8 %17 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %6, i64 %16, i64* %6) #6, !srcloc !5 store volatile i64 %17, i64* %3, align 8 %18 = load volatile i64, i64* %3, align 8 %19 = load i64, i64* %9, align 8 %20 = load i64, i64* %10, align 8 %21 = sub i64 %20, %19 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %8, i64 %19, i64 %21, i32 %15) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 hrtimer_sleeper_start_expires 10 blk_poll 11 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr %struct.inode.112777, %struct.inode.112777* %8, i64 -1, i32 40 %10 = getelementptr inbounds %struct.file_lock_context*, %struct.file_lock_context** %9, i64 16 %11 = bitcast %struct.file_lock_context** %10 to %struct.gendisk.112631** %12 = load %struct.gendisk.112631*, %struct.gendisk.112631** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.112631, %struct.gendisk.112631* %12, i64 0, i32 10 %14 = load %struct.request_queue.112608*, %struct.request_queue.112608** %13, align 8 %15 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 7 %16 = load volatile i32, i32* %15, align 4 %17 = tail call i32 bitcast (i32 (%struct.request_queue.272970*, i32, i1)* @blk_poll to i32 (%struct.request_queue.112608*, i32, i1)*)(%struct.request_queue.112608* %14, i32 %16, i1 zeroext %1) #69 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.277443, align 8 %5 = alloca i64, align 8 %6 = icmp ult i32 %1, -2 br i1 %6, label %7, label %180 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 65536 %11 = icmp eq i64 %10, 0 br i1 %11, label %180, label %12 %13 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 111 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 8 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 10 %20 = load %struct.blk_mq_hw_ctx.272919**, %struct.blk_mq_hw_ctx.272919*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %24, align 8 %26 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 30 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 br i1 %28, label %131, label %29 %30 = icmp slt i32 %1, 0 br i1 %30, label %46, label %31 %47 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %25, i64 0, i32 20 %48 = load %struct.blk_mq_tags.272914*, %struct.blk_mq_tags.272914** %47, align 64 %49 = and i32 %1, 65535 %50 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 0 %51 = load i32, i32* %50, align 8 %52 = icmp ugt i32 %51, %49 br i1 %52, label %53, label %131 %54 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 5 %55 = load %struct.request.272936**, %struct.request.272936*** %54, align 8 %56 = zext i32 %49 to i64 %57 = getelementptr %struct.request.272936*, %struct.request.272936** %55, i64 %56 %58 = bitcast %struct.request.272936** %57 to i8** %59 = load i8*, i8** %58, align 8 %60 = bitcast i8* %59 to %struct.request.272936* %61 = icmp eq i8* %59, null br i1 %61, label %131, label %62 %63 = phi %struct.request.272936* [ %60, %53 ], [ %45, %38 ], [ null, %31 ] %64 = bitcast %struct.hrtimer_sleeper.277443* %4 to i8* %65 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %63, i64 0, i32 4 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1048576 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %129 %70 = icmp sgt i32 %27, 0 br i1 %70, label %97, label %71 %72 = load volatile i64, i64* %8, align 8 %73 = and i64 %72, 2097152 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %80 %76 = tail call zeroext i1 @blk_queue_flag_test_and_set(i32 21, %struct.request_queue.272970* %0) #69 br i1 %76, label %80, label %77 %81 = tail call i32 @blk_mq_poll_stats_bkt(%struct.request.272936* %63) #69 %82 = icmp slt i32 %81, 0 br i1 %82, label %129, label %83 %84 = zext i32 %81 to i64 %85 = getelementptr %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 32, i64 %84, i32 3 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, 0 br i1 %87, label %129, label %88 %89 = getelementptr %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 32, i64 %84, i32 0 %90 = load i64, i64* %89, align 8 %91 = add i64 %90, 1 %92 = lshr i64 %91, 1 %93 = trunc i64 %92 to i32 %94 = icmp eq i32 %93, 0 br i1 %94, label %129, label %95 %96 = load i32, i32* %65, align 4 br label %97 %98 = phi i32 [ %96, %95 ], [ %66, %69 ] %99 = phi i32 [ %93, %95 ], [ %27, %69 ] %100 = or i32 %98, 1048576 store i32 %100, i32* %65, align 4 %101 = zext i32 %99 to i64 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.277443*, i32, i32)*)(%struct.hrtimer_sleeper.277443* nonnull %4, i32 1, i32 1) #69 %102 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0 %103 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0, i32 0, i32 1 store i64 %101, i64* %103, align 8 %104 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 0, i32 1 store i64 %101, i64* %104, align 8 %105 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %63, i64 0, i32 24 %106 = getelementptr inbounds %struct.hrtimer_sleeper.277443, %struct.hrtimer_sleeper.277443* %4, i64 0, i32 1 %107 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 0, i32 0 %108 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 1 %109 = bitcast i64* %5 to i8* br label %110 %111 = phi i32 [ 1, %97 ], [ 0, %125 ] %112 = load volatile i32, i32* %105, align 4 %113 = icmp eq i32 %112, 2 br i1 %113, label %130, label %114 store volatile i64 2, i64* %5, align 8 %115 = load volatile i64, i64* %5, align 8 %116 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %108, i64 %115, i64* %108) #6, !srcloc !5 store volatile i64 %116, i64* %5, align 8 %117 = load volatile i64, i64* %5, align 8 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32)* @hrtimer_sleeper_start_expires to void (%struct.hrtimer_sleeper.277443*, i32)*)(%struct.hrtimer_sleeper.277443* nonnull %4, i32 %111) #69 Function:hrtimer_sleeper_start_expires %3 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0 %4 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 1 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %0, i64 0, i32 0, i32 0, i32 1 %7 = load i64, i64* %6, align 8 %8 = sub i64 %7, %5 tail call void @hrtimer_start_range_ns(%struct.hrtimer* %3, i64 %5, i64 %8, i32 %1) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive_time32 ------------- Path:  Function:__ia32_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive_time32 ------------- Path:  Function:__x64_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %35 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %35, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %35 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = and i64 %9, 4294967295 %33 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %32, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.54* %24 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 wq_sleep 11 do_mq_timedreceive 12 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.54* %20 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %92 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 7 %93 = load i32, i32* %92, align 8 %94 = and i32 %93, 2048 %95 = icmp eq i32 %94, 0 br i1 %95, label %146, label %96 %147 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 0 store %struct.task_struct.245736* %23, %struct.task_struct.245736** %147, align 8 %148 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %6, i64 0, i32 3 store i32 0, i32* %148, align 8 %149 = call fastcc i32 @wq_sleep(%struct.mqueue_inode_info* %45, i32 1, i64* %22, %struct.ext_wait_queue* nonnull %6) #70 Function:wq_sleep %5 = zext i32 %1 to i64 %6 = getelementptr %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 14, i64 %5, i32 1 %7 = bitcast %struct.list_head* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = bitcast i8* %8 to %struct.list_head* %10 = icmp eq %struct.list_head* %6, %9 br i1 %10, label %34, label %11 %12 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %12, i64 0, i32 15 %14 = load i32, i32* %13, align 4 br label %15 %16 = phi i8* [ %8, %11 ], [ %31, %29 ] %17 = getelementptr i8, i8* %16, i64 -8 %18 = bitcast i8* %17 to %struct.task_struct.245736** %19 = load %struct.task_struct.245736*, %struct.task_struct.245736** %18, align 8 %20 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %19, i64 0, i32 15 %21 = load i32, i32* %20, align 4 %22 = icmp sgt i32 %21, %14 br i1 %22, label %29, label %23 %24 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1 %25 = getelementptr inbounds i8, i8* %16, i64 8 %26 = bitcast i8* %25 to %struct.list_head** %27 = load %struct.list_head*, %struct.list_head** %26, align 8 store %struct.list_head* %24, %struct.list_head** %26, align 8 %28 = bitcast %struct.list_head* %24 to i8** store i8* %16, i8** %28, align 8 br label %39 %40 = phi %struct.list_head* [ %27, %23 ], [ %37, %34 ] %41 = phi %struct.list_head* [ %24, %23 ], [ %35, %34 ] %42 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 1, i32 1 store %struct.list_head* %40, %struct.list_head** %42, align 8 %43 = ptrtoint %struct.list_head* %41 to i64 %44 = bitcast %struct.list_head* %40 to i64* store volatile i64 %43, i64* %44, align 8 %45 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 1 %47 = bitcast %struct.mqueue_inode_info* %0 to i8* %48 = getelementptr inbounds %struct.ext_wait_queue, %struct.ext_wait_queue* %3, i64 0, i32 3 %49 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %0, i64 0, i32 0, i32 0, i32 0 %50 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %45, i64 0, i32 0, i32 0 br label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 tail call void @_raw_spin_lock(%struct.raw_spinlock* %49) #69 %56 = load i32, i32* %48, align 8 %57 = icmp eq i32 %56, 1 br i1 %57, label %73, label %58 %59 = load volatile i64, i64* %50, align 8 %60 = and i64 %59, 4 %61 = icmp eq i64 %60, 0 br i1 %61, label %62, label %64 %63 = icmp eq i32 %52, 0 br i1 %63, label %64, label %51 store volatile i64 1, i64* %46, align 16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* %47, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %52 = tail call i32 @schedule_hrtimeout_range_clock(i64* %2, i64 0, i32 0, i32 0) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __ia32_compat_sys_ptrace ------------- Path:  Function:__ia32_compat_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = icmp eq i32 %9, 0 br i1 %12, label %13, label %16 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %19) #69 %21 = icmp eq %struct.task_struct.43108* %20, null br i1 %21, label %85, label %22 switch i32 %9, label %30 [ i32 16902, label %23 i32 16, label %23 ] %31 = icmp eq i32 %9, 8 %32 = icmp eq i32 %9, 16903 %33 = or i1 %31, %32 %34 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %20, i1 zeroext %33) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __ia32_sys_ptrace ------------- Path:  Function:__ia32_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_ptrace(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.43108* %11, null br i1 %12, label %72, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout 11 wait_task_inactive 12 ptrace_check_attach 13 __se_sys_ptrace 14 __x64_sys_ptrace ------------- Path:  Function:__x64_sys_ptrace %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_ptrace(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_ptrace %5 = icmp eq i64 %0, 0 br i1 %5, label %6, label %9 %10 = trunc i64 %1 to i32 %11 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_get_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %10) #69 %12 = icmp eq %struct.task_struct.43108* %11, null br i1 %12, label %72, label %13 switch i64 %0, label %17 [ i64 16902, label %14 i64 16, label %14 ] %18 = icmp eq i64 %0, 8 %19 = icmp eq i64 %0, 16903 %20 = or i1 %18, %19 %21 = tail call fastcc i32 @ptrace_check_attach(%struct.task_struct.43108* nonnull %11, i1 zeroext %20) #69 Function:ptrace_check_attach tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %4 = load i32, i32* %3, align 8 %5 = icmp eq i32 %4, 0 br i1 %5, label %56, label %6 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %8 = load %struct.task_struct.43108*, %struct.task_struct.43108** %7, align 16 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = icmp eq %struct.task_struct.43108* %8, %9 br i1 %10, label %11, label %56 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %13 = load volatile i64, i64* %12, align 16 %14 = icmp eq i64 %13, 8 br i1 %14, label %15, label %16, !prof !5, !misexpect !6 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.5313, i64 0, i64 0), i32 258, i32 2305, i64 12) #6, !srcloc !7 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 135) #6, !srcloc !8 br label %16 br i1 %1, label %56, label %17 %57 = phi i1 [ true, %2 ], [ true, %47 ], [ true, %6 ], [ true, %17 ], [ true, %50 ], [ true, %53 ], [ false, %44 ], [ false, %16 ] %58 = phi i32 [ -3, %2 ], [ -3, %47 ], [ -3, %6 ], [ -3, %17 ], [ -3, %50 ], [ -3, %53 ], [ 0, %44 ], [ 0, %16 ] %59 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !12 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %60 = or i1 %57, %1 %61 = select i1 %57, i32 %58, i32 0 br i1 %60, label %70, label %62 %63 = tail call i64 bitcast (i64 (%struct.task_struct.54204*, i64)* @wait_task_inactive to i64 (%struct.task_struct.43108*, i64)*)(%struct.task_struct.43108* %0, i64 8) #69 Function:wait_task_inactive %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %6 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %7 = icmp eq i64 %1, 0 %8 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %11 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 69 %12 = bitcast i64* %3 to i8* %13 = bitcast i64* %4 to i8* br label %14 %15 = load volatile i32, i32* %5, align 4 %16 = load i32, i32* %6, align 8 %17 = icmp eq i32 %16, 0 br i1 %17, label %25, label %18 br i1 %7, label %22, label %19 %20 = load volatile i64, i64* %8, align 16 %21 = icmp eq i64 %20, %1 br i1 %21, label %22, label %102, !prof !4, !misexpect !5 call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %23 = load i32, i32* %6, align 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %18 br label %26 %27 = call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %28 = load volatile i32, i32* %5, align 4 %29 = zext i32 %28 to i64 %30 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %29 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, ptrtoint (%struct.rq* @runqueues to i64) %33 = inttoptr i64 %32 to %struct.rq* %34 = getelementptr inbounds %struct.rq, %struct.rq* %33, i64 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = load volatile i32, i32* %5, align 4 %36 = zext i32 %35 to i64 %37 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %36 %38 = load i64, i64* %37, align 8 %39 = add i64 %38, ptrtoint (%struct.rq* @runqueues to i64) %40 = inttoptr i64 %39 to %struct.rq* %41 = icmp eq %struct.rq* %33, %40 br i1 %41, label %42, label %45, !prof !4 %43 = load volatile i32, i32* %9, align 4 %44 = icmp eq i32 %43, 2 br i1 %44, label %45, label %53, !prof !7, !misexpect !8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_wait_task, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@wait_task_inactive, %54)) #6 to label %76 [label %54], !srcloc !11 %77 = load i32, i32* %6, align 8 %78 = load i32, i32* %9, align 32 %79 = icmp eq i32 %78, 1 br i1 %7, label %83, label %80 %84 = load i64, i64* %11, align 16 %85 = or i64 %84, -9223372036854775808 br label %86 %87 = phi i64 [ %85, %83 ], [ 0, %80 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %88 = inttoptr i64 %32 to i8* store volatile i8 0, i8* %88, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %10, i64 %27) #69 %89 = icmp eq i64 %87, 0 br i1 %89, label %102, label %90, !prof !7, !misexpect !5 %91 = icmp eq i32 %77, 0 br i1 %91, label %94, label %92, !prof !4, !misexpect !5 br i1 %79, label %95, label %102, !prof !7, !misexpect !5 store i64 1000000, i64* %3, align 8 %96 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !16 %97 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %96, i64 0, i32 1 store volatile i64 2, i64* %4, align 8 %98 = load volatile i64, i64* %4, align 8 %99 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %97, i64 %98, i64* %97) #6, !srcloc !17 store volatile i64 %99, i64* %4, align 8 %100 = load volatile i64, i64* %4, align 8 %101 = call i32 @schedule_hrtimeout(i64* nonnull %3, i32 1) #69 Function:schedule_hrtimeout %3 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 0, i32 %1, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_compat_sys_epoll_pwait ------------- Path:  Function:__ia32_compat_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %12 to %struct.kernel_cap_struct* %17 = tail call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %16, i64 %15) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 %20 = and i64 %5, 4294967295 %21 = trunc i64 %9 to i32 %22 = trunc i64 %7 to i32 %23 = inttoptr i64 %20 to %struct.epoll_event* %24 = trunc i64 %3 to i32 %25 = tail call fastcc i32 @do_epoll_wait(i32 %24, %struct.epoll_event* %23, i32 %22, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_pwait ------------- Path:  Function:__ia32_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %12 to %struct.cpumask* %17 = tail call i32 @set_user_sigmask(%struct.cpumask* %16, i64 %15) #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 %20 = and i64 %5, 4294967295 %21 = trunc i64 %9 to i32 %22 = trunc i64 %7 to i32 %23 = inttoptr i64 %20 to %struct.epoll_event* %24 = trunc i64 %3 to i32 %25 = tail call fastcc i32 @do_epoll_wait(i32 %24, %struct.epoll_event* %23, i32 %22, i32 %21) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_pwait ------------- Path:  Function:__x64_sys_epoll_pwait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.cpumask** %13 = load %struct.cpumask*, %struct.cpumask** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = tail call i32 @set_user_sigmask(%struct.cpumask* %13, i64 %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %39 %19 = trunc i64 %10 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %3 to i32 %22 = tail call fastcc i32 @do_epoll_wait(i32 %21, %struct.epoll_event* %6, i32 %20, i32 %19) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __ia32_sys_epoll_wait ------------- Path:  Function:__ia32_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.epoll_event* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %12, i32 %13, i32 %14) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_epoll_wait 12 __x64_sys_epoll_wait ------------- Path:  Function:__x64_sys_epoll_wait %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.epoll_event** %6 = load %struct.epoll_event*, %struct.epoll_event** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call fastcc i32 @do_epoll_wait(i32 %11, %struct.epoll_event* %6, i32 %12, i32 %13) #69 Function:do_epoll_wait %5 = alloca %struct.ep_send_events_data, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.wait_queue_entry, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.anon.54, align 8 %10 = icmp slt i32 %2, 1 %11 = icmp ugt i32 %2, 178956970 %12 = or i1 %10, %11 br i1 %12, label %239, label %13 %14 = zext i32 %2 to i64 %15 = mul nuw nsw i64 %14, 12 %16 = tail call %struct.task_struct.149807* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.149807** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.149807**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = ptrtoint %struct.epoll_event* %1 to i64 %20 = add i64 %15, %19 %21 = icmp ult i64 %20, %15 %22 = icmp ugt i64 %20, %18 %23 = or i1 %21, %22 br i1 %23, label %239, label %24, !prof !5, !misexpect !6 %25 = tail call i64 @__fdget(i32 %0) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.149864* %28 = icmp eq i64 %26, 0 br i1 %28, label %239, label %29 %30 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 3 %31 = load %struct.file_operations.149897*, %struct.file_operations.149897** %30, align 8 %32 = icmp eq %struct.file_operations.149897* %31, @eventpoll_fops br i1 %32, label %33, label %234 %34 = getelementptr inbounds %struct.file.149864, %struct.file.149864* %27, i64 0, i32 16 %35 = bitcast i8** %34 to %struct.eventpoll** %36 = load %struct.eventpoll*, %struct.eventpoll** %35, align 8 %37 = bitcast %struct.wait_queue_entry* %7 to i8* %38 = bitcast i64* %8 to i8* %39 = icmp sgt i32 %3, 0 br i1 %39, label %40, label %64 %41 = bitcast %struct.anon.54* %9 to i8* %42 = bitcast %struct.anon.54* %6 to i8* %43 = udiv i32 %3, 1000 %44 = zext i32 %43 to i64 %45 = urem i32 %3, 1000 %46 = mul nuw nsw i32 %45, 1000000 %47 = zext i32 %46 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %44, i64 %47) #69 %53 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %54 = extractvalue { i64, i64 } %52, 0 store i64 %54, i64* %53, align 8 %55 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %56 = extractvalue { i64, i64 } %52, 1 store i64 %56, i64* %55, align 8 %57 = call i64 @select_estimate_accuracy(%struct.anon.54* nonnull %9) #69 %58 = load i64, i64* %53, align 8 %59 = load i64, i64* %55, align 8 %60 = icmp sgt i64 %58, 9223372035 %61 = mul i64 %58, 1000000000 %62 = add i64 %61, %59 %63 = select i1 %60, i64 9223372036854775807, i64 %62, !prof !5 store i64 %63, i64* %8, align 8 br label %86 %87 = phi i64 [ %208, %223 ], [ %57, %40 ], [ 0, %64 ] %88 = phi i64* [ %209, %223 ], [ %8, %40 ], [ null, %64 ] %89 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3 %90 = getelementptr inbounds %struct.list_head, %struct.list_head* %89, i64 0, i32 0 %91 = load %struct.list_head*, %struct.list_head** %90, align 8 %92 = icmp eq %struct.list_head* %91, %89 br i1 %92, label %93, label %113 %94 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = icmp eq %struct.list_head* %95, %89 br i1 %96, label %97, label %119 %98 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %99 = bitcast %struct.epitem** %98 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.epitem* %102 = icmp eq %struct.epitem* %101, inttoptr (i64 -1 to %struct.epitem*) br i1 %102, label %103, label %122 %123 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 3, i32 1 %124 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 6 %125 = bitcast %struct.epitem** %124 to i64* %126 = load volatile i64, i64* %125, align 8 %127 = inttoptr i64 %126 to %struct.epitem* %128 = icmp eq %struct.epitem* %127, inttoptr (i64 -1 to %struct.epitem*) br i1 %128, label %129, label %204 %130 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 11 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, 0 br i1 %132, label %134, label %133 store i32 0, i32* %130, align 8 br label %134 %135 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %136 = bitcast i8** %135 to %struct.task_struct.149807** store %struct.task_struct.149807* %16, %struct.task_struct.149807** %136, align 8 %137 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 %138 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %139 = ptrtoint %struct.list_head* %138 to i64 %140 = bitcast %struct.list_head* %138 to i64* store volatile i64 %139, i64* %140, align 8 %141 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %138, %struct.list_head** %141, align 8 %142 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %142, align 8 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @ep_autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %137, align 8 %143 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 4 call void @_raw_write_lock_irq(%struct.rwlock_t* %143) #69 %144 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 1 store volatile i64 1, i64* %144, align 16 %145 = load %struct.list_head*, %struct.list_head** %90, align 8 %146 = icmp eq %struct.list_head* %145, %89 br i1 %146, label %147, label %168 %148 = load %struct.list_head*, %struct.list_head** %123, align 8 %149 = icmp eq %struct.list_head* %148, %89 br i1 %149, label %150, label %168 %151 = load volatile i64, i64* %125, align 8 %152 = inttoptr i64 %151 to %struct.epitem* %153 = icmp eq %struct.epitem* %152, inttoptr (i64 -1 to %struct.epitem*) br i1 %153, label %154, label %168 %155 = getelementptr inbounds %struct.task_struct.149807, %struct.task_struct.149807* %16, i64 0, i32 0, i32 0 %156 = load volatile i64, i64* %155, align 8 %157 = and i64 %156, 4 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %168 %160 = load i32, i32* %142, align 8 %161 = or i32 %160, 1 store i32 %161, i32* %142, align 8 %162 = getelementptr inbounds %struct.eventpoll, %struct.eventpoll* %36, i64 0, i32 1, i32 1 %163 = getelementptr inbounds %struct.list_head, %struct.list_head* %162, i64 0, i32 0 %164 = load %struct.list_head*, %struct.list_head** %163, align 8 %165 = getelementptr inbounds %struct.list_head, %struct.list_head* %164, i64 0, i32 1 store %struct.list_head* %138, %struct.list_head** %165, align 8 %166 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 0 store %struct.list_head* %164, %struct.list_head** %166, align 8 store %struct.list_head* %162, %struct.list_head** %141, align 8 %167 = bitcast %struct.list_head* %162 to i64* store volatile i64 %139, i64* %167, align 8 br label %168 %169 = phi i1 [ false, %159 ], [ true, %150 ], [ false, %154 ], [ true, %147 ], [ true, %134 ] %170 = phi i1 [ false, %159 ], [ false, %150 ], [ true, %154 ], [ false, %147 ], [ false, %134 ] %171 = phi i32 [ 0, %159 ], [ 0, %150 ], [ -4, %154 ], [ 0, %147 ], [ 0, %134 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %172 = bitcast %struct.rwlock_t* %143 to i8* store volatile i8 0, i8* %172, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %173 = or i1 %169, %170 br i1 %173, label %178, label %174 %175 = call i32 @schedule_hrtimeout_range(i64* %88, i64 %87, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll_time64 ------------- Path:  Function:__ia32_compat_sys_ppoll_time64 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = inttoptr i64 %6 to %struct.perf_event_header* %19 = trunc i64 %8 to i32 %20 = inttoptr i64 %14 to %struct.kernel_cap_struct* %21 = bitcast %struct.anon.54* %2 to i8* %22 = bitcast %struct.anon.54* %3 to i8* %23 = icmp eq i64 %11, 0 br i1 %23, label %48, label %24 %25 = inttoptr i64 %11 to %struct.anon.54* %26 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %59 %29 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %30, -1 %34 = icmp ult i64 %32, 1000000000 %35 = and i1 %33, %34 br i1 %35, label %36, label %59 %37 = or i64 %32, %30 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %40 call void @ktime_get_ts64(%struct.anon.54* nonnull %3) #69 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %44 = load i64, i64* %43, align 8 %45 = call { i64, i64 } @timespec64_add_safe(i64 %42, i64 %44, i64 %30, i64 %32) #69 %46 = extractvalue { i64, i64 } %45, 0 %47 = extractvalue { i64, i64 } %45, 1 store i64 %46, i64* %41, align 8 store i64 %47, i64* %43, align 8 br label %48 %49 = phi %struct.anon.54* [ null, %1 ], [ %3, %40 ], [ %3, %39 ] %50 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %20, i64 %17) #69 %51 = icmp eq i32 %50, 0 br i1 %51, label %54, label %52 %55 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %18, i32 %19, %struct.anon.54* %49) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __ia32_compat_sys_ppoll_time32 ------------- Path:  Function:__ia32_compat_sys_ppoll_time32 %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.anon.54, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = inttoptr i64 %6 to %struct.perf_event_header* %19 = trunc i64 %8 to i32 %20 = inttoptr i64 %14 to %struct.kernel_cap_struct* %21 = bitcast %struct.anon.54* %2 to i8* %22 = bitcast %struct.anon.54* %3 to i8* %23 = icmp eq i64 %11, 0 br i1 %23, label %48, label %24 %25 = inttoptr i64 %11 to i8* %26 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %59 %29 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %30 = load i64, i64* %29, align 8 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp sgt i64 %30, -1 %34 = icmp ult i64 %32, 1000000000 %35 = and i1 %33, %34 br i1 %35, label %36, label %59 %37 = or i64 %32, %30 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %40 call void @ktime_get_ts64(%struct.anon.54* nonnull %3) #69 %41 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %42 = load i64, i64* %41, align 8 %43 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %44 = load i64, i64* %43, align 8 %45 = call { i64, i64 } @timespec64_add_safe(i64 %42, i64 %44, i64 %30, i64 %32) #69 %46 = extractvalue { i64, i64 } %45, 0 %47 = extractvalue { i64, i64 } %45, 1 store i64 %46, i64* %41, align 8 store i64 %47, i64* %43, align 8 br label %48 %49 = phi %struct.anon.54* [ null, %1 ], [ %3, %40 ], [ %3, %39 ] %50 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %20, i64 %17) #69 %51 = icmp eq i32 %50, 0 br i1 %51, label %54, label %52 %55 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %18, i32 %19, %struct.anon.54* %49) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __ia32_sys_ppoll ------------- Path:  Function:__ia32_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_ppoll(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = inttoptr i64 %0 to %struct.perf_event_header* %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %3 to %struct.cpumask* %11 = bitcast %struct.anon.54* %6 to i8* %12 = bitcast %struct.anon.54* %7 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %38, label %14 %15 = inttoptr i64 %2 to %struct.anon.54* %16 = call i32 @get_timespec64(%struct.anon.54* nonnull %6, %struct.anon.54* nonnull %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp sgt i64 %20, -1 %24 = icmp ult i64 %22, 1000000000 %25 = and i1 %23, %24 br i1 %25, label %26, label %49 %27 = or i64 %22, %20 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %30 call void @ktime_get_ts64(%struct.anon.54* nonnull %7) #69 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %34 = load i64, i64* %33, align 8 %35 = call { i64, i64 } @timespec64_add_safe(i64 %32, i64 %34, i64 %20, i64 %22) #69 %36 = extractvalue { i64, i64 } %35, 0 %37 = extractvalue { i64, i64 } %35, 1 store i64 %36, i64* %31, align 8 store i64 %37, i64* %33, align 8 br label %38 %39 = phi %struct.anon.54* [ null, %5 ], [ %7, %30 ], [ %7, %29 ] %40 = call i32 @set_user_sigmask(%struct.cpumask* %10, i64 %4) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %8, i32 %9, %struct.anon.54* %39) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_ppoll 13 __x64_sys_ppoll ------------- Path:  Function:__x64_sys_ppoll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_ppoll(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_ppoll %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = inttoptr i64 %0 to %struct.perf_event_header* %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %3 to %struct.cpumask* %11 = bitcast %struct.anon.54* %6 to i8* %12 = bitcast %struct.anon.54* %7 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %38, label %14 %15 = inttoptr i64 %2 to %struct.anon.54* %16 = call i32 @get_timespec64(%struct.anon.54* nonnull %6, %struct.anon.54* nonnull %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %49 %19 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %20 = load i64, i64* %19, align 8 %21 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp sgt i64 %20, -1 %24 = icmp ult i64 %22, 1000000000 %25 = and i1 %23, %24 br i1 %25, label %26, label %49 %27 = or i64 %22, %20 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %30 call void @ktime_get_ts64(%struct.anon.54* nonnull %7) #69 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %34 = load i64, i64* %33, align 8 %35 = call { i64, i64 } @timespec64_add_safe(i64 %32, i64 %34, i64 %20, i64 %22) #69 %36 = extractvalue { i64, i64 } %35, 0 %37 = extractvalue { i64, i64 } %35, 1 store i64 %36, i64* %31, align 8 store i64 %37, i64* %33, align 8 br label %38 %39 = phi %struct.anon.54* [ null, %5 ], [ %7, %30 ], [ %7, %29 ] %40 = call i32 @set_user_sigmask(%struct.cpumask* %10, i64 %4) #69 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %8, i32 %9, %struct.anon.54* %39) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __ia32_sys_poll ------------- Path:  Function:__ia32_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_poll(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.54* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.54* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.54* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_sys_poll 12 __se_sys_poll 13 __x64_sys_poll ------------- Path:  Function:__x64_sys_poll %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_poll(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = inttoptr i64 %0 to %struct.perf_event_header* %6 = trunc i64 %1 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.anon.54* %4 to i8* %9 = icmp sgt i32 %7, -1 br i1 %9, label %10, label %27 %11 = udiv i32 %7, 1000 %12 = urem i32 %7, 1000 %13 = mul nuw nsw i32 %12, 1000000 %14 = or i32 %13, %11 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %17 %18 = zext i32 %11 to i64 %19 = zext i32 %13 to i64 call void @ktime_get_ts64(%struct.anon.54* nonnull %4) #69 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = call { i64, i64 } @timespec64_add_safe(i64 %21, i64 %23, i64 %18, i64 %19) #69 %25 = extractvalue { i64, i64 } %24, 0 %26 = extractvalue { i64, i64 } %24, 1 store i64 %25, i64* %20, align 8 store i64 %26, i64* %22, align 8 br label %27 %28 = phi %struct.anon.54* [ null, %3 ], [ %4, %16 ], [ %4, %17 ] %29 = call fastcc i32 @do_sys_poll(%struct.perf_event_header* %5, i32 %6, %struct.anon.54* %28) #69 Function:do_sys_poll %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = alloca [32 x i64], align 16 %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = bitcast [32 x i64]* %9 to i8* %12 = bitcast [32 x i64]* %9 to %struct.poll_list* %13 = getelementptr inbounds [32 x i64], [32 x i64]* %9, i64 0, i64 1 %14 = bitcast i64* %13 to i32* %15 = bitcast [32 x i64]* %9 to %struct.poll_list** %16 = zext i32 %1 to i64 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 87 %19 = load %struct.signal_struct.136225*, %struct.signal_struct.136225** %18, align 8 %20 = getelementptr %struct.signal_struct.136225, %struct.signal_struct.136225* %19, i64 0, i32 49, i64 7, i32 0 %21 = load volatile i64, i64* %20, align 8 %22 = icmp ult i64 %21, %16 br i1 %22, label %327, label %23 %24 = icmp ult i32 %1, 30 %25 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %0, i64 %16 %26 = select i1 %24, i32 %1, i32 30 br label %27 %28 = phi i64 [ %52, %54 ], [ %16, %23 ] %29 = phi %struct.poll_list* [ %61, %54 ], [ %12, %23 ] %30 = phi i32 [ %57, %54 ], [ %26, %23 ] %31 = phi %struct.poll_list** [ %64, %54 ], [ %15, %23 ] %32 = phi i32* [ %63, %54 ], [ %14, %23 ] store %struct.poll_list* null, %struct.poll_list** %31, align 8 store i32 %30, i32* %32, align 8 %33 = icmp eq i32 %30, 0 br i1 %33, label %67, label %34 %35 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = sext i32 %36 to i64 %38 = shl nsw i64 %37, 3 %39 = icmp ugt i64 %38, 2147483647 br i1 %39, label %40, label %41, !prof !5, !misexpect !6 %42 = sub i64 0, %28 %43 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %25, i64 %42 %44 = bitcast %struct.perf_event_header* %43 to i8* %45 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %29, i64 0, i32 2, i64 0 %46 = bitcast %struct.perf_event_header* %45 to i8* %47 = call i64 @_copy_from_user(i8* %46, i8* %44, i64 %38) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %317 %50 = load i32, i32* %35, align 8 %51 = sext i32 %50 to i64 %52 = sub i64 %28, %51 %53 = icmp eq i64 %52, 0 br i1 %53, label %67, label %54 %68 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %69 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %69, align 8 %70 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %70, align 8 %71 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %71, align 8 %72 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %72, align 4 %73 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %73, align 8 %74 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %76 = bitcast i64* %7 to i8* %77 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %78 = icmp eq i32 %77, 0 %79 = select i1 %78, i32 0, i32 32768 %80 = icmp eq %struct.anon.54* %2, null br i1 %80, label %137, label %81 %82 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %83 = load i64, i64* %82, align 8 %84 = icmp eq i64 %83, 0 br i1 %84, label %85, label %90 %86 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %87 = load i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %89, label %90 %91 = bitcast %struct.anon.54* %5 to i8* %92 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 15 %93 = load i32, i32* %92, align 4 %94 = icmp sgt i32 %93, 99 br i1 %94, label %95, label %135 call void @ktime_get_ts64(%struct.anon.54* nonnull %5) #69 %96 = load i64, i64* %82, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 0 %100 = load i64, i64* %99, align 8 %101 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %5, i64 0, i32 1 %102 = load i64, i64* %101, align 8 %103 = bitcast %struct.anon.54* %4 to i8* %104 = sub i64 %96, %100 %105 = sub i64 %98, %102 call void @set_normalized_timespec64(%struct.anon.54* nonnull %4, i64 %104, i64 %105) #69 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %107 = load i64, i64* %106, align 8 %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %109 = load i64, i64* %108, align 8 store i64 %107, i64* %99, align 8 store i64 %109, i64* %101, align 8 %110 = icmp slt i64 %107, 0 br i1 %110, label %129, label %111 %112 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 16 %113 = load i32, i32* %112, align 8 %114 = add i32 %113, -120 %115 = icmp sgt i32 %114, 0 %116 = select i1 %115, i64 200, i64 1000 %117 = trunc i64 %116 to i32 %118 = udiv i32 1000000000, %117 %119 = udiv i32 100000000, %118 %120 = zext i32 %119 to i64 %121 = icmp sgt i64 %107, %120 br i1 %121, label %129, label %122 %123 = zext i32 %118 to i64 %124 = sdiv i64 %109, %116 %125 = mul i64 %107, %123 %126 = add i64 %124, %125 %127 = icmp slt i64 %126, 100000000 %128 = select i1 %127, i64 %126, i64 100000000 br label %129 %130 = phi i64 [ 0, %95 ], [ 100000000, %111 ], [ %128, %122 ] %131 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 151 %132 = load i64, i64* %131, align 8 %133 = icmp ult i64 %130, %132 %134 = select i1 %133, i64 %132, i64 %130 br label %135 %136 = phi i64 [ 0, %90 ], [ %134, %129 ] br label %137 %138 = phi i32 [ 0, %135 ], [ 1, %89 ], [ 0, %67 ] %139 = phi i64 [ %136, %135 ], [ 0, %89 ], [ 0, %67 ] %140 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %141 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %142 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %143 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %144 = bitcast i64* %6 to i8* br label %145 %146 = phi i32 [ 0, %251 ], [ %138, %137 ] %147 = phi i32 [ %241, %251 ], [ 0, %137 ] %148 = phi i32 [ %227, %251 ], [ %79, %137 ] %149 = phi i64 [ %254, %251 ], [ 0, %137 ] %150 = phi i64* [ %156, %251 ], [ null, %137 ] %151 = icmp eq i64 %149, 0 br label %152 %153 = phi i32 [ %146, %145 ], [ %285, %284 ] %154 = phi i32 [ %147, %145 ], [ %241, %284 ] %155 = phi i32 [ %148, %145 ], [ 0, %284 ] %156 = phi i64* [ %150, %145 ], [ %276, %284 ] br label %157 %158 = phi i32 [ 0, %258 ], [ %153, %152 ] %159 = phi i32 [ %241, %258 ], [ %154, %152 ] %160 = phi i32 [ %227, %258 ], [ %155, %152 ] br label %161 %162 = phi %struct.poll_list* [ %229, %224 ], [ %12, %157 ] %163 = phi i32 [ %227, %224 ], [ %160, %157 ] %164 = phi i32 [ %226, %224 ], [ %159, %157 ] %165 = phi i8 [ %225, %224 ], [ 0, %157 ] %166 = phi i32* [ %230, %224 ], [ %14, %157 ] %167 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 0 %168 = load i32, i32* %166, align 8 %169 = sext i32 %168 to i64 %170 = getelementptr %struct.poll_list, %struct.poll_list* %162, i64 0, i32 2, i64 %169 %171 = icmp eq %struct.perf_event_header* %167, %170 br i1 %171, label %224, label %172 %173 = phi %struct.perf_event_header* [ %222, %218 ], [ %167, %161 ] %174 = phi i32 [ %221, %218 ], [ %163, %161 ] %175 = phi i32 [ %220, %218 ], [ %164, %161 ] %176 = phi i8 [ %219, %218 ], [ %165, %161 ] %177 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 0 %178 = load i32, i32* %177, align 4 %179 = icmp slt i32 %178, 0 br i1 %179, label %180, label %182 %183 = call i64 @__fdget(i32 %178) #69 %184 = and i64 %183, -4 %185 = inttoptr i64 %184 to %struct.file.135678* %186 = icmp eq i64 %184, 0 br i1 %186, label %187, label %189 %190 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 1 %191 = load i16, i16* %190, align 4 %192 = and i16 %191, 10215 %193 = or i16 %192, 24 %194 = zext i16 %193 to i32 %195 = or i32 %174, %194 store i32 %195, i32* %69, align 8 %196 = getelementptr inbounds %struct.file.135678, %struct.file.135678* %185, i64 0, i32 3 %197 = load %struct.file_operations.135632*, %struct.file_operations.135632** %196, align 8 %198 = getelementptr inbounds %struct.file_operations.135632, %struct.file_operations.135632* %197, i64 0, i32 9 %199 = load i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)*, i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)** %198, align 8 %200 = icmp eq i32 (%struct.file.135678*, %struct.poll_table_struct.135613*)* %199, null br i1 %200, label %203, label %201, !prof !5, !misexpect !6 %202 = call i32 %199(%struct.file.135678* nonnull %185, %struct.poll_table_struct.135613* nonnull %75) #69 br label %203 %204 = phi i32 [ %202, %201 ], [ 325, %189 ] %205 = and i32 %204, %174 %206 = icmp eq i32 %205, 0 %207 = select i1 %206, i8 %176, i8 1 %208 = and i32 %204, %194 %209 = and i64 %183, 1 %210 = icmp eq i64 %209, 0 br i1 %210, label %212, label %211 call void bitcast (void (%struct.file.131664*)* @fput to void (%struct.file.135678*)*)(%struct.file.135678* nonnull %185) #69 br label %212 %213 = trunc i32 %208 to i16 %214 = getelementptr inbounds %struct.perf_event_header, %struct.perf_event_header* %173, i64 0, i32 2 store i16 %213, i16* %214, align 2 %215 = icmp eq i32 %208, 0 br i1 %215, label %218, label %216 %217 = add i32 %175, 1 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 br label %218 %219 = phi i8 [ %207, %212 ], [ 0, %216 ], [ %176, %180 ] %220 = phi i32 [ %175, %212 ], [ %217, %216 ], [ %175, %180 ] %221 = phi i32 [ %174, %212 ], [ 0, %216 ], [ %174, %180 ] %222 = getelementptr %struct.perf_event_header, %struct.perf_event_header* %173, i64 1 %223 = icmp eq %struct.perf_event_header* %222, %170 br i1 %223, label %224, label %172 %225 = phi i8 [ %165, %161 ], [ %219, %218 ] %226 = phi i32 [ %164, %161 ], [ %220, %218 ] %227 = phi i32 [ %163, %161 ], [ %221, %218 ] %228 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %162, i64 0, i32 0 %229 = load %struct.poll_list*, %struct.poll_list** %228, align 8 %230 = getelementptr inbounds %struct.poll_list, %struct.poll_list* %229, i64 0, i32 1 %231 = icmp eq %struct.poll_list* %229, null br i1 %231, label %232, label %161 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %68, align 8 %233 = icmp eq i32 %226, 0 br i1 %233, label %234, label %240 %235 = load i32, i32* %72, align 4 %236 = load volatile i64, i64* %142, align 8 %237 = and i64 %236, 4 %238 = icmp eq i64 %237, 0 %239 = select i1 %238, i32 %235, i32 -514 br label %240 %241 = phi i32 [ %226, %232 ], [ %239, %234 ] %242 = or i32 %241, %158 %243 = icmp eq i32 %242, 0 br i1 %243, label %244, label %291 %245 = icmp eq i8 %225, 0 br i1 %245, label %265, label %246 %247 = load volatile i64, i64* %142, align 8 %248 = and i64 %247, 8 %249 = icmp eq i64 %248, 0 br i1 %249, label %250, label %265 br i1 %151, label %251, label %255 %256 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %257 = icmp eq i32 %256, 0 br i1 %257, label %265, label %258 %259 = zext i32 %256 to i64 %260 = add nuw nsw i64 %149, %259 %261 = call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !9 %262 = call i64 @sched_clock_cpu(i32 %261) #69 %263 = lshr i64 %262, 10 %264 = icmp ult i64 %260, %263 br i1 %264, label %265, label %157 %266 = icmp ne i64* %156, null %267 = or i1 %80, %266 br i1 %267, label %275, label %268 %269 = load i64, i64* %140, align 8 %270 = load i64, i64* %141, align 8 %271 = icmp sgt i64 %269, 9223372035 %272 = mul i64 %269, 1000000000 %273 = add i64 %272, %270 %274 = select i1 %271, i64 9223372036854775807, i64 %273, !prof !5 store i64 %274, i64* %7, align 8 br label %275 %276 = phi i64* [ %156, %265 ], [ %7, %268 ] store volatile i64 1, i64* %6, align 8 %277 = load volatile i64, i64* %6, align 8 %278 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %143, i64 %277, i64* %143) #6, !srcloc !10 store volatile i64 %278, i64* %6, align 8 %279 = load volatile i64, i64* %6, align 8 %280 = load i32, i32* %71, align 8 %281 = icmp eq i32 %280, 0 br i1 %281, label %286, label %282 %287 = call i32 @schedule_hrtimeout_range(i64* %276, i64 %139, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 do_compat_pselect 14 __ia32_compat_sys_pselect6_time32 ------------- Path:  Function:__ia32_compat_sys_pselect6_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to i32* %21 = inttoptr i64 %9 to i32* %22 = inttoptr i64 %12 to i32* %23 = inttoptr i64 %18 to i8* %24 = icmp eq i64 %18, 0 br i1 %24, label %45, label %25 %26 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %26, i64 0, i32 163, i32 17, i32 0 %28 = load i64, i64* %27, align 8 %29 = add i64 %28, -8 %30 = icmp ult i64 %29, %18 br i1 %30, label %52, label %31, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %32 = inttoptr i64 %18 to %struct.__large_struct* %33 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %32, i32 -14, i32 0) #6, !srcloc !9 %34 = extractvalue { i32, i64 } %33, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %52, !prof !11, !misexpect !12 %37 = extractvalue { i32, i64 } %33, 1 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %38 = getelementptr i8, i8* %23, i64 4 %39 = bitcast i8* %38 to %struct.__large_struct* %40 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %39, i32 -14, i32 0) #6, !srcloc !14 %41 = extractvalue { i32, i64 } %40, 1 %42 = extractvalue { i32, i64 } %40, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %43 = trunc i64 %41 to i32 %44 = icmp eq i32 %42, 0 br i1 %44, label %45, label %52, !prof !11, !misexpect !12 %46 = phi i64 [ %37, %36 ], [ 0, %1 ] %47 = phi i32 [ %43, %36 ], [ 0, %1 ] %48 = inttoptr i64 %15 to i8* %49 = and i64 %46, 4294967295 %50 = inttoptr i64 %49 to %struct.kernel_cap_struct* %51 = tail call fastcc i64 @do_compat_pselect(i32 %19, i32* %20, i32* %21, i32* %22, i8* %48, %struct.kernel_cap_struct* %50, i32 %47, i32 3) #69 Function:do_compat_pselect %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.anon.54* %9 to i8* %12 = bitcast %struct.anon.54* %10 to i8* %13 = icmp eq i8* %4, null br i1 %13, label %43, label %14 switch i32 %7, label %22 [ i32 3, label %15 i32 2, label %18 ] %16 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %9, i8* nonnull %4) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %54 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %54 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 br label %43 %44 = phi %struct.anon.54* [ null, %8 ], [ %10, %35 ], [ %10, %34 ] %45 = zext i32 %6 to i64 %46 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %5, i64 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %50, label %48 %51 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.anon.54* %44) #70 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 do_compat_pselect 14 __ia32_compat_sys_pselect6_time64 ------------- Path:  Function:__ia32_compat_sys_pselect6_time64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to i32* %21 = inttoptr i64 %9 to i32* %22 = inttoptr i64 %12 to i32* %23 = inttoptr i64 %18 to i8* %24 = icmp eq i64 %18, 0 br i1 %24, label %45, label %25 %26 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %26, i64 0, i32 163, i32 17, i32 0 %28 = load i64, i64* %27, align 8 %29 = add i64 %28, -8 %30 = icmp ult i64 %29, %18 br i1 %30, label %52, label %31, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %32 = inttoptr i64 %18 to %struct.__large_struct* %33 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %32, i32 -14, i32 0) #6, !srcloc !9 %34 = extractvalue { i32, i64 } %33, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %52, !prof !11, !misexpect !12 %37 = extractvalue { i32, i64 } %33, 1 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %38 = getelementptr i8, i8* %23, i64 4 %39 = bitcast i8* %38 to %struct.__large_struct* %40 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %39, i32 -14, i32 0) #6, !srcloc !14 %41 = extractvalue { i32, i64 } %40, 1 %42 = extractvalue { i32, i64 } %40, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %43 = trunc i64 %41 to i32 %44 = icmp eq i32 %42, 0 br i1 %44, label %45, label %52, !prof !11, !misexpect !12 %46 = phi i64 [ %37, %36 ], [ 0, %1 ] %47 = phi i32 [ %43, %36 ], [ 0, %1 ] %48 = inttoptr i64 %15 to i8* %49 = and i64 %46, 4294967295 %50 = inttoptr i64 %49 to %struct.kernel_cap_struct* %51 = tail call fastcc i64 @do_compat_pselect(i32 %19, i32* %20, i32* %21, i32* %22, i8* %48, %struct.kernel_cap_struct* %50, i32 %47, i32 2) #69 Function:do_compat_pselect %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.anon.54* %9 to i8* %12 = bitcast %struct.anon.54* %10 to i8* %13 = icmp eq i8* %4, null br i1 %13, label %43, label %14 switch i32 %7, label %22 [ i32 3, label %15 i32 2, label %18 ] %16 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %9, i8* nonnull %4) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %23, label %54 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %54 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 br label %43 %44 = phi %struct.anon.54* [ null, %8 ], [ %10, %35 ], [ %10, %34 ] %45 = zext i32 %6 to i64 %46 = call i32 @set_compat_user_sigmask(%struct.kernel_cap_struct* %5, i64 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %50, label %48 %51 = call fastcc i32 @compat_core_sys_select(i32 %0, i32* %1, i32* %2, i32* %3, %struct.anon.54* %44) #70 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_old_select ------------- Path:  Function:__ia32_compat_sys_old_select %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.util_est, align 4 %4 = alloca %struct.gnet_stats_queue, align 4 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = bitcast %struct.gnet_stats_queue* %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = call i64 @_copy_from_user(i8* nonnull %8, i8* %9, i64 20) #69 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %70 %13 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 %14 = load i32, i32* %13, align 4 %15 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 %16 = load i32, i32* %15, align 4 %17 = zext i32 %16 to i64 %18 = inttoptr i64 %17 to i32* %19 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = inttoptr i64 %21 to i32* %23 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 %24 = load i32, i32* %23, align 4 %25 = zext i32 %24 to i64 %26 = inttoptr i64 %25 to i32* %27 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 %28 = load i32, i32* %27, align 4 %29 = zext i32 %28 to i64 %30 = inttoptr i64 %29 to i8* %31 = bitcast %struct.anon.54* %2 to i8* %32 = bitcast %struct.util_est* %3 to i8* %33 = icmp eq i32 %28, 0 br i1 %33, label %63, label %34 %35 = call i64 @_copy_from_user(i8* nonnull %32, i8* nonnull %30, i64 8) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %68 %38 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %39 = load i32, i32* %38, align 4 %40 = sext i32 %39 to i64 %41 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %42 = load i32, i32* %41, align 4 %43 = sext i32 %42 to i64 %44 = sdiv i64 %43, 1000000 %45 = add nsw i64 %44, %40 %46 = srem i64 %43, 1000000 %47 = mul nsw i64 %46, 1000 %48 = icmp sgt i64 %45, -1 %49 = icmp ult i64 %47, 1000000000 %50 = and i1 %48, %49 br i1 %50, label %51, label %68 %52 = or i64 %47, %45 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %55 call void @ktime_get_ts64(%struct.anon.54* nonnull %2) #69 %56 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %57 = load i64, i64* %56, align 8 %58 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %59 = load i64, i64* %58, align 8 %60 = call { i64, i64 } @timespec64_add_safe(i64 %57, i64 %59, i64 %45, i64 %47) #69 %61 = extractvalue { i64, i64 } %60, 0 %62 = extractvalue { i64, i64 } %60, 1 store i64 %61, i64* %56, align 8 store i64 %62, i64* %58, align 8 br label %63 %64 = phi %struct.anon.54* [ null, %12 ], [ %2, %55 ], [ %2, %54 ] %65 = call fastcc i32 @compat_core_sys_select(i32 %14, i32* %18, i32* %22, i32* %26, %struct.anon.54* %64) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 compat_core_sys_select 13 __ia32_compat_sys_select ------------- Path:  Function:__ia32_compat_sys_select %2 = alloca %struct.anon.54, align 8 %3 = alloca %struct.util_est, align 4 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %5 to i32 %19 = inttoptr i64 %8 to i32* %20 = inttoptr i64 %11 to i32* %21 = inttoptr i64 %14 to i32* %22 = bitcast %struct.anon.54* %2 to i8* %23 = bitcast %struct.util_est* %3 to i8* %24 = icmp eq i64 %17, 0 %25 = inttoptr i64 %17 to i8* br i1 %24, label %55, label %26 %27 = call i64 @_copy_from_user(i8* nonnull %23, i8* nonnull %25, i64 8) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %60 %30 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 0 %31 = load i32, i32* %30, align 4 %32 = sext i32 %31 to i64 %33 = getelementptr inbounds %struct.util_est, %struct.util_est* %3, i64 0, i32 1 %34 = load i32, i32* %33, align 4 %35 = sext i32 %34 to i64 %36 = sdiv i64 %35, 1000000 %37 = add nsw i64 %36, %32 %38 = srem i64 %35, 1000000 %39 = mul nsw i64 %38, 1000 %40 = icmp sgt i64 %37, -1 %41 = icmp ult i64 %39, 1000000000 %42 = and i1 %40, %41 br i1 %42, label %43, label %60 %44 = or i64 %39, %37 %45 = icmp eq i64 %44, 0 br i1 %45, label %46, label %47 call void @ktime_get_ts64(%struct.anon.54* nonnull %2) #69 %48 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %49 = load i64, i64* %48, align 8 %50 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %51 = load i64, i64* %50, align 8 %52 = call { i64, i64 } @timespec64_add_safe(i64 %49, i64 %51, i64 %37, i64 %39) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 store i64 %53, i64* %48, align 8 store i64 %54, i64* %50, align 8 br label %55 %56 = phi %struct.anon.54* [ null, %1 ], [ %2, %47 ], [ %2, %46 ] %57 = call fastcc i32 @compat_core_sys_select(i32 %18, i32* %19, i32* %20, i32* %21, %struct.anon.54* %56) #69 Function:compat_core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %131, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl i64 %25, 35 %27 = ashr exact i64 %26, 32 %28 = icmp ugt i64 %27, 42 br i1 %28, label %29, label %36 %31 = extractvalue { i64, i1 } %30, 1 br i1 %31, label %131, label %32, !prof !7, !misexpect !8 %33 = extractvalue { i64, i1 } %30, 0 %34 = tail call noalias align 8 i8* @__kmalloc(i64 %33, i32 3264) #69 %35 = icmp eq i8* %34, null br i1 %35, label %131, label %36 %37 = phi i8* [ %34, %32 ], [ %9, %11 ] %38 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %37, i8** %38, align 8 %39 = getelementptr i8, i8* %37, i64 %27 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = shl i64 %25, 36 %43 = ashr exact i64 %42, 32 %44 = getelementptr i8, i8* %37, i64 %43 %45 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %46 = bitcast i64** %45 to i8** store i8* %44, i8** %46, align 8 %47 = mul i64 %25, 103079215104 %48 = ashr exact i64 %47, 32 %49 = getelementptr i8, i8* %37, i64 %48 %50 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %51 = bitcast i64** %50 to i8** store i8* %49, i8** %51, align 8 %52 = shl i64 %25, 37 %53 = ashr exact i64 %52, 32 %54 = getelementptr i8, i8* %37, i64 %53 %55 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %56 = bitcast i64** %55 to i8** store i8* %54, i8** %56, align 8 %57 = mul i64 %25, 171798691840 %58 = ashr exact i64 %57, 32 %59 = getelementptr i8, i8* %37, i64 %58 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %61 = bitcast i64** %60 to i8** store i8* %59, i8** %61, align 8 %62 = icmp eq i32* %1, null br i1 %62, label %63, label %66 %64 = shl nuw nsw i64 %25, 3 %65 = load i64*, i64** %40, align 8 br label %72 %73 = phi i64* [ %65, %63 ], [ %67, %66 ] %74 = icmp eq i32* %2, null br i1 %74, label %75, label %78 %76 = bitcast i64* %73 to i8* %77 = shl nuw nsw i64 %25, 3 br label %82 %83 = load i64*, i64** %45, align 8 %84 = icmp eq i32* %3, null br i1 %84, label %85, label %88 %89 = call i64 @compat_get_bitmap(i64* %83, i32* nonnull %3, i64 %23) #69 %90 = trunc i64 %89 to i32 %91 = icmp eq i32 %90, 0 br i1 %91, label %92, label %127 %93 = shl nuw nsw i64 %25, 3 br label %94 %95 = phi i64 [ %93, %92 ], [ %87, %85 ] %96 = load i64*, i64** %50, align 8 %97 = bitcast i64* %96 to i8* %98 = load i64*, i64** %55, align 8 %99 = bitcast i64* %98 to i8* %100 = load i64*, i64** %60, align 8 %101 = bitcast i64* %100 to i8* %102 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __ia32_sys_pselect6 ------------- Path:  Function:__ia32_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_pselect6(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.tcp_mib* %11 = inttoptr i64 %2 to %struct.tcp_mib* %12 = inttoptr i64 %3 to %struct.tcp_mib* %13 = inttoptr i64 %4 to %struct.anon.54* %14 = inttoptr i64 %5 to i8* %15 = icmp eq i64 %5, 0 br i1 %15, label %36, label %16 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 163, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = add i64 %19, -16 %21 = icmp ult i64 %20, %5 br i1 %21, label %78, label %22, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %23 = inttoptr i64 %5 to %struct.__large_struct* %24 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %23, i32 -14, i32 0) #6, !srcloc !9 %25 = extractvalue { i32, i64 } %24, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %78, !prof !11, !misexpect !12 %28 = extractvalue { i32, i64 } %24, 1 %29 = inttoptr i64 %28 to %struct.cpumask* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %30 = getelementptr i8, i8* %14, i64 8 %31 = bitcast i8* %30 to %struct.__large_struct* %32 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %31, i32 -14, i32 0) #6, !srcloc !14 %33 = extractvalue { i32, i64 } %32, 1 %34 = extractvalue { i32, i64 } %32, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %78, !prof !11, !misexpect !12 %37 = phi %struct.cpumask* [ %29, %27 ], [ null, %6 ] %38 = phi i64 [ %33, %27 ], [ 0, %6 ] %39 = inttoptr i64 %4 to i8* %40 = bitcast %struct.anon.54* %7 to i8* %41 = bitcast %struct.anon.54* %8 to i8* %42 = icmp eq i64 %4, 0 br i1 %42, label %66, label %43 %44 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %13) #69 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %76 %47 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp sgt i64 %48, -1 %52 = icmp ult i64 %50, 1000000000 %53 = and i1 %51, %52 br i1 %53, label %54, label %76 %55 = or i64 %50, %48 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 call void @ktime_get_ts64(%struct.anon.54* nonnull %8) #69 %59 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %60 = load i64, i64* %59, align 8 %61 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %62 = load i64, i64* %61, align 8 %63 = call { i64, i64 } @timespec64_add_safe(i64 %60, i64 %62, i64 %48, i64 %50) #69 %64 = extractvalue { i64, i64 } %63, 0 %65 = extractvalue { i64, i64 } %63, 1 store i64 %64, i64* %59, align 8 store i64 %65, i64* %61, align 8 br label %66 %67 = phi %struct.anon.54* [ null, %36 ], [ %8, %58 ], [ %8, %57 ] %68 = call i32 @set_user_sigmask(%struct.cpumask* %37, i64 %38) #69 %69 = icmp eq i32 %68, 0 br i1 %69, label %72, label %70 %73 = call i32 @core_sys_select(i32 %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.tcp_mib* %12, %struct.anon.54* %67) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_pselect6 14 __x64_sys_pselect6 ------------- Path:  Function:__x64_sys_pselect6 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_pselect6(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_pselect6 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = inttoptr i64 %1 to %struct.tcp_mib* %11 = inttoptr i64 %2 to %struct.tcp_mib* %12 = inttoptr i64 %3 to %struct.tcp_mib* %13 = inttoptr i64 %4 to %struct.anon.54* %14 = inttoptr i64 %5 to i8* %15 = icmp eq i64 %5, 0 br i1 %15, label %36, label %16 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 163, i32 17, i32 0 %19 = load i64, i64* %18, align 8 %20 = add i64 %19, -16 %21 = icmp ult i64 %20, %5 br i1 %21, label %78, label %22, !prof !5, !misexpect !6 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %23 = inttoptr i64 %5 to %struct.__large_struct* %24 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* nonnull %23, i32 -14, i32 0) #6, !srcloc !9 %25 = extractvalue { i32, i64 } %24, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %78, !prof !11, !misexpect !12 %28 = extractvalue { i32, i64 } %24, 1 %29 = inttoptr i64 %28 to %struct.cpumask* tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %30 = getelementptr i8, i8* %14, i64 8 %31 = bitcast i8* %30 to %struct.__large_struct* %32 = tail call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %31, i32 -14, i32 0) #6, !srcloc !14 %33 = extractvalue { i32, i64 } %32, 1 %34 = extractvalue { i32, i64 } %32, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %78, !prof !11, !misexpect !12 %37 = phi %struct.cpumask* [ %29, %27 ], [ null, %6 ] %38 = phi i64 [ %33, %27 ], [ 0, %6 ] %39 = inttoptr i64 %4 to i8* %40 = bitcast %struct.anon.54* %7 to i8* %41 = bitcast %struct.anon.54* %8 to i8* %42 = icmp eq i64 %4, 0 br i1 %42, label %66, label %43 %44 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %13) #69 %45 = icmp eq i32 %44, 0 br i1 %45, label %46, label %76 %47 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %48 = load i64, i64* %47, align 8 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp sgt i64 %48, -1 %52 = icmp ult i64 %50, 1000000000 %53 = and i1 %51, %52 br i1 %53, label %54, label %76 %55 = or i64 %50, %48 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %58 call void @ktime_get_ts64(%struct.anon.54* nonnull %8) #69 %59 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %60 = load i64, i64* %59, align 8 %61 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %62 = load i64, i64* %61, align 8 %63 = call { i64, i64 } @timespec64_add_safe(i64 %60, i64 %62, i64 %48, i64 %50) #69 %64 = extractvalue { i64, i64 } %63, 0 %65 = extractvalue { i64, i64 } %63, 1 store i64 %64, i64* %59, align 8 store i64 %65, i64* %61, align 8 br label %66 %67 = phi %struct.anon.54* [ null, %36 ], [ %8, %58 ], [ %8, %57 ] %68 = call i32 @set_user_sigmask(%struct.cpumask* %37, i64 %38) #69 %69 = icmp eq i32 %68, 0 br i1 %69, label %72, label %70 %73 = call i32 @core_sys_select(i32 %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.tcp_mib* %12, %struct.anon.54* %67) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __ia32_sys_select ------------- Path:  Function:__ia32_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_select(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_select %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.54* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.54* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 __hrtimer_start_range_ns 8 hrtimer_start_range_ns 9 schedule_hrtimeout_range_clock 10 schedule_hrtimeout_range 11 do_select 12 core_sys_select 13 __se_sys_select 14 __x64_sys_select ------------- Path:  Function:__x64_sys_select %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_select(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_select %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = trunc i64 %0 to i32 %9 = inttoptr i64 %1 to %struct.tcp_mib* %10 = inttoptr i64 %2 to %struct.tcp_mib* %11 = inttoptr i64 %3 to %struct.tcp_mib* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = inttoptr i64 %4 to i8* br i1 %14, label %43, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %13, i8* nonnull %15, i64 16) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %48 %20 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = sdiv i64 %23, 1000000 %25 = add i64 %24, %21 %26 = srem i64 %23, 1000000 %27 = mul nsw i64 %26, 1000 %28 = icmp sgt i64 %25, -1 %29 = icmp ult i64 %27, 1000000000 %30 = and i1 %28, %29 br i1 %30, label %31, label %48 %32 = or i64 %27, %25 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %35 call void @ktime_get_ts64(%struct.anon.54* nonnull %6) #69 %36 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %37 = load i64, i64* %36, align 8 %38 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %39 = load i64, i64* %38, align 8 %40 = call { i64, i64 } @timespec64_add_safe(i64 %37, i64 %39, i64 %25, i64 %27) #69 %41 = extractvalue { i64, i64 } %40, 0 %42 = extractvalue { i64, i64 } %40, 1 store i64 %41, i64* %36, align 8 store i64 %42, i64* %38, align 8 br label %43 %44 = phi %struct.anon.54* [ %6, %34 ], [ %6, %35 ], [ null, %5 ] %45 = call i32 @core_sys_select(i32 %8, %struct.tcp_mib* %9, %struct.tcp_mib* %10, %struct.tcp_mib* %11, %struct.anon.54* %44) #69 Function:core_sys_select %6 = alloca %struct.fd_set_bits, align 8 %7 = alloca [32 x i64], align 16 %8 = bitcast %struct.fd_set_bits* %6 to i8* %9 = bitcast [32 x i64]* %7 to i8* %10 = icmp slt i32 %0, 0 br i1 %10, label %128, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %13 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %12, i64 0, i32 85 %14 = load %struct.files_struct.136198*, %struct.files_struct.136198** %13, align 8 %15 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %14, i64 0, i32 3 %16 = bitcast %struct.fdtable.136197** %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = inttoptr i64 %17 to %struct.fdtable.136197* %19 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %18, i64 0, i32 0 %20 = load i32, i32* %19, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = icmp slt i32 %20, %0 %22 = select i1 %21, i32 %20, i32 %0 %23 = sext i32 %22 to i64 %24 = add nsw i64 %23, 63 %25 = lshr i64 %24, 6 %26 = shl nuw nsw i64 %25, 3 %27 = icmp ugt i64 %24, 383 br i1 %27, label %28, label %32 %29 = mul nuw i64 %25, 48 %30 = tail call i8* @kvmalloc_node(i64 %29, i32 3264, i32 -1) #69 %31 = icmp eq i8* %30, null br i1 %31, label %128, label %32 %33 = phi i8* [ %30, %28 ], [ %9, %11 ] %34 = bitcast %struct.fd_set_bits* %6 to i8** store i8* %33, i8** %34, align 8 %35 = getelementptr i8, i8* %33, i64 %26 %36 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 1 %37 = bitcast i64** %36 to i8** store i8* %35, i8** %37, align 8 %38 = shl nuw nsw i64 %25, 4 %39 = getelementptr i8, i8* %33, i64 %38 %40 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 2 %41 = bitcast i64** %40 to i8** store i8* %39, i8** %41, align 8 %42 = mul nuw nsw i64 %25, 24 %43 = getelementptr i8, i8* %33, i64 %42 %44 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 3 %45 = bitcast i64** %44 to i8** store i8* %43, i8** %45, align 8 %46 = shl nuw nsw i64 %25, 5 %47 = getelementptr i8, i8* %33, i64 %46 %48 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 4 %49 = bitcast i64** %48 to i8** store i8* %47, i8** %49, align 8 %50 = mul nuw i64 %25, 40 %51 = getelementptr i8, i8* %33, i64 %50 %52 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %6, i64 0, i32 5 %53 = bitcast i64** %52 to i8** store i8* %51, i8** %53, align 8 %54 = bitcast %struct.tcp_mib* %1 to i8* %55 = icmp eq %struct.tcp_mib* %1, null br i1 %55, label %64, label %56 %57 = icmp ugt i64 %24, 17179869183 br i1 %57, label %58, label %59, !prof !7, !misexpect !8 %60 = call i64 @_copy_from_user(i8* nonnull %33, i8* nonnull %54, i64 %26) #69 br label %61 %62 = phi i64 [ %60, %59 ], [ %26, %58 ] %63 = icmp eq i64 %62, 0 br i1 %63, label %65, label %124 %66 = bitcast %struct.tcp_mib* %2 to i8* %67 = icmp eq %struct.tcp_mib* %2, null br i1 %67, label %76, label %68 %69 = icmp ugt i64 %24, 17179869183 br i1 %69, label %70, label %71, !prof !7, !misexpect !8 %72 = call i64 @_copy_from_user(i8* %35, i8* nonnull %66, i64 %26) #69 br label %73 %74 = phi i64 [ %72, %71 ], [ %26, %70 ] %75 = icmp eq i64 %74, 0 br i1 %75, label %77, label %124 %78 = bitcast %struct.tcp_mib* %3 to i8* %79 = icmp eq %struct.tcp_mib* %3, null br i1 %79, label %88, label %80 %81 = icmp ugt i64 %24, 17179869183 br i1 %81, label %82, label %83, !prof !7, !misexpect !8 %84 = call i64 @_copy_from_user(i8* %39, i8* nonnull %78, i64 %26) #69 br label %85 %86 = phi i64 [ %84, %83 ], [ %26, %82 ] %87 = icmp eq i64 %86, 0 br i1 %87, label %89, label %124 %90 = call fastcc i32 @do_select(i32 %22, %struct.fd_set_bits* nonnull %6, %struct.anon.54* %4) #70 Function:do_select %4 = alloca i64, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.poll_wqueues, align 8 %9 = bitcast i64* %7 to i8* %10 = bitcast %struct.poll_wqueues* %8 to i8* %11 = load volatile i32, i32* @sysctl_net_busy_poll, align 4 %12 = icmp eq i32 %11, 0 %13 = select i1 %12, i32 0, i32 32768 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = sext i32 %0 to i64 %15 = and i64 %14, 63 %16 = lshr i64 %14, 6 %17 = tail call %struct.task_struct.136262* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.136262** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.136262**)) #10, !srcloc !5 %18 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 85 %19 = load %struct.files_struct.136198*, %struct.files_struct.136198** %18, align 8 %20 = getelementptr inbounds %struct.files_struct.136198, %struct.files_struct.136198* %19, i64 0, i32 3 %21 = bitcast %struct.fdtable.136197** %20 to i64* %22 = load volatile i64, i64* %21, align 8 %23 = inttoptr i64 %22 to %struct.fdtable.136197* %24 = getelementptr inbounds %struct.fdtable.136197, %struct.fdtable.136197* %23, i64 0, i32 3 %25 = load i64*, i64** %24, align 8 %26 = getelementptr i64, i64* %25, i64 %16 %27 = icmp eq i64 %15, 0 br i1 %27, label %52, label %28 %53 = phi i32 [ %100, %97 ], [ 0, %28 ], [ 0, %3 ] %54 = phi i64* [ %89, %97 ], [ %26, %28 ], [ %26, %3 ] %55 = phi i64 [ %90, %97 ], [ %16, %28 ], [ %16, %3 ] %56 = icmp eq i64 %55, 0 br i1 %56, label %102, label %57 %58 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %59 = load i64*, i64** %58, align 8 %60 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %61 = load i64*, i64** %60, align 8 %62 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %63 = load i64*, i64** %62, align 8 %64 = icmp eq i32 %53, 0 br label %65 %66 = phi i64 [ %55, %57 ], [ %69, %79 ] %67 = phi i64* [ %54, %57 ], [ %68, %79 ] %68 = getelementptr i64, i64* %67, i64 -1 %69 = add i64 %66, -1 %70 = getelementptr i64, i64* %59, i64 %69 %71 = load i64, i64* %70, align 8 %72 = getelementptr i64, i64* %61, i64 %69 %73 = load i64, i64* %72, align 8 %74 = or i64 %73, %71 %75 = getelementptr i64, i64* %63, i64 %69 %76 = load i64, i64* %75, align 8 %77 = or i64 %74, %76 %78 = icmp eq i64 %77, 0 br i1 %78, label %79, label %81 %82 = load i64, i64* %68, align 8 %83 = xor i64 %82, -1 %84 = and i64 %77, %83 %85 = icmp eq i64 %84, 0 br i1 %85, label %86, label %101 br i1 %64, label %87, label %79 %80 = icmp eq i64 %69, 0 br i1 %80, label %102, label %65 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %103 = icmp slt i32 %53, 0 br i1 %103, label %412, label %104 %105 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 0 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* @__pollwait, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %106 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0, i32 1 store i32 -1, i32* %106, align 8 %107 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 2 store %struct.task_struct.136262* %17, %struct.task_struct.136262** %107, align 8 %108 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 3 store i32 0, i32* %108, align 8 %109 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 4 store i32 0, i32* %109, align 4 %110 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 1 store %struct.poll_table_page* null, %struct.poll_table_page** %110, align 8 %111 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 5 store i32 0, i32* %111, align 8 %112 = getelementptr inbounds %struct.poll_wqueues, %struct.poll_wqueues* %8, i64 0, i32 0 %113 = icmp eq %struct.anon.54* %2, null br i1 %113, label %170, label %114 %115 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %116 = load i64, i64* %115, align 8 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %123 %119 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %120 = load i64, i64* %119, align 8 %121 = icmp eq i64 %120, 0 br i1 %121, label %122, label %123 store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 br label %170 %171 = phi i32 [ 0, %168 ], [ 1, %122 ], [ 0, %104 ] %172 = phi i64 [ %169, %168 ], [ 0, %122 ], [ 0, %104 ] %173 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 0, i32 0 %174 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 0 %175 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 1 %176 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 2 %177 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 3 %178 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 4 %179 = getelementptr inbounds %struct.fd_set_bits, %struct.fd_set_bits* %1, i64 0, i32 5 %180 = icmp sgt i32 %53, 0 %181 = getelementptr %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %182 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %183 = getelementptr inbounds %struct.task_struct.136262, %struct.task_struct.136262* %17, i64 0, i32 1 %184 = bitcast i64* %4 to i8* br label %185 %186 = phi i64 [ %373, %370 ], [ 0, %170 ] %187 = phi i32 [ %351, %370 ], [ %13, %170 ] %188 = phi i32 [ 0, %370 ], [ %171, %170 ] %189 = phi i64* [ %194, %370 ], [ null, %170 ] %190 = icmp eq i64 %186, 0 br label %191 %192 = phi i32 [ %187, %185 ], [ 0, %403 ] %193 = phi i32 [ %188, %185 ], [ %404, %403 ] %194 = phi i64* [ %189, %185 ], [ %395, %403 ] br label %195 %196 = phi i32 [ %351, %377 ], [ %192, %191 ] %197 = phi i32 [ 0, %377 ], [ %193, %191 ] br i1 %180, label %198, label %349 %199 = load i64*, i64** %179, align 8 %200 = load i64*, i64** %178, align 8 %201 = load i64*, i64** %177, align 8 %202 = load i64*, i64** %176, align 8 %203 = load i64*, i64** %175, align 8 %204 = load i64*, i64** %174, align 8 br label %205 %206 = phi i32 [ %344, %340 ], [ 0, %198 ] %207 = phi i32 [ %343, %340 ], [ 0, %198 ] %208 = phi i32 [ %342, %340 ], [ %196, %198 ] %209 = phi i64* [ %345, %340 ], [ %201, %198 ] %210 = phi i8 [ %341, %340 ], [ 0, %198 ] %211 = phi i64* [ %220, %340 ], [ %202, %198 ] %212 = phi i64* [ %218, %340 ], [ %203, %198 ] %213 = phi i64* [ %216, %340 ], [ %204, %198 ] %214 = phi i64* [ %347, %340 ], [ %199, %198 ] %215 = phi i64* [ %346, %340 ], [ %200, %198 ] %216 = getelementptr i64, i64* %213, i64 1 %217 = load i64, i64* %213, align 8 %218 = getelementptr i64, i64* %212, i64 1 %219 = load i64, i64* %212, align 8 %220 = getelementptr i64, i64* %211, i64 1 %221 = load i64, i64* %211, align 8 %222 = or i64 %219, %217 %223 = or i64 %222, %221 %224 = icmp eq i64 %223, 0 br i1 %224, label %227, label %225 %226 = icmp slt i32 %207, %53 br i1 %226, label %229, label %334 %335 = phi i32 [ %318, %331 ], [ %318, %333 ], [ %206, %225 ] %336 = phi i32 [ %320, %331 ], [ %320, %333 ], [ %207, %225 ] %337 = phi i32 [ %314, %331 ], [ %314, %333 ], [ %208, %225 ] %338 = phi i8 [ %313, %331 ], [ %313, %333 ], [ %210, %225 ] %339 = call i32 @_cond_resched() #69 br label %340 %341 = phi i8 [ %210, %227 ], [ %338, %334 ] %342 = phi i32 [ %208, %227 ], [ %337, %334 ] %343 = phi i32 [ %228, %227 ], [ %336, %334 ] %344 = phi i32 [ %206, %227 ], [ %335, %334 ] %345 = getelementptr i64, i64* %209, i64 1 %346 = getelementptr i64, i64* %215, i64 1 %347 = getelementptr i64, i64* %214, i64 1 %348 = icmp slt i32 %343, %53 br i1 %348, label %205, label %349 %350 = phi i8 [ 0, %195 ], [ %341, %340 ] %351 = phi i32 [ %196, %195 ], [ %342, %340 ] %352 = phi i32 [ 0, %195 ], [ %344, %340 ] store void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)* null, void (%struct.file.135678*, %struct.wait_queue_head*, %struct.poll_table_struct.135613*)** %105, align 8 %353 = or i32 %352, %197 %354 = icmp eq i32 %353, 0 br i1 %354, label %355, label %410 %356 = load volatile i64, i64* %173, align 8 %357 = and i64 %356, 4 %358 = icmp eq i64 %357, 0 br i1 %358, label %359, label %410 %360 = load i32, i32* %109, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %410 %363 = and i8 %350, 1 %364 = icmp eq i8 %363, 0 br i1 %364, label %384, label %365 %366 = load volatile i64, i64* %173, align 8 %367 = and i64 %366, 8 %368 = icmp eq i64 %367, 0 br i1 %368, label %369, label %384 %385 = icmp ne i64* %194, null %386 = or i1 %113, %385 br i1 %386, label %394, label %387 %395 = phi i64* [ %194, %384 ], [ %7, %387 ] store volatile i64 1, i64* %4, align 8 %396 = load volatile i64, i64* %4, align 8 %397 = call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %183, i64 %396, i64* %183) #6, !srcloc !10 store volatile i64 %397, i64* %4, align 8 %398 = load volatile i64, i64* %4, align 8 %399 = load i32, i32* %108, align 8 %400 = icmp eq i32 %399, 0 br i1 %400, label %405, label %401 %406 = call i32 @schedule_hrtimeout_range(i64* %395, i64 %172, i32 0) #69 Function:schedule_hrtimeout_range %4 = tail call i32 @schedule_hrtimeout_range_clock(i64* %0, i64 %1, i32 %2, i32 1) #69 Function:schedule_hrtimeout_range_clock %5 = alloca %struct.hrtimer_sleeper.79143, align 8 %6 = bitcast %struct.hrtimer_sleeper.79143* %5 to i8* %7 = icmp eq i64* %0, null br i1 %7, label %14, label %8 %9 = load i64, i64* %0, align 8 %10 = icmp eq i64 %9, 0 br i1 %10, label %11, label %15 call void @hrtimer_init_sleeper(%struct.hrtimer_sleeper.79143* nonnull %5, i32 %3, i32 %2) #69 %16 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0 %17 = load i64, i64* %0, align 8 %18 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 1 store i64 %17, i64* %18, align 8 %19 = add i64 %17, %1 %20 = icmp slt i64 %19, 0 %21 = icmp slt i64 %19, %17 %22 = or i1 %20, %21 %23 = icmp slt i64 %19, %1 %24 = or i1 %23, %22 %25 = select i1 %24, i64 9223372036854775807, i64 %19 %26 = getelementptr inbounds %struct.hrtimer_sleeper.79143, %struct.hrtimer_sleeper.79143* %5, i64 0, i32 0, i32 0, i32 1 store i64 %25, i64* %26, align 8 %27 = sub i64 %25, %17 call void @hrtimer_start_range_ns(%struct.hrtimer* nonnull %16, i64 %17, i64 %27, i32 %2) #69 Function:hrtimer_start_range_ns %5 = lshr i32 %3, 2 %6 = and i32 %5, 1 %7 = xor i32 %6, 1 %8 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 6 %9 = load i8, i8* %8, align 2 %10 = icmp eq i8 %9, 0 %11 = zext i1 %10 to i32 %12 = icmp eq i32 %7, %11 br i1 %12, label %14, label %13, !prof !4, !misexpect !5 %15 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %16 = bitcast %struct.hrtimer_clock_base** %15 to i64* br label %17 %18 = load volatile i64, i64* %16, align 8 %19 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %20 = icmp eq %struct.hrtimer_clock_base* %19, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %20, label %31, label %21, !prof !8, !misexpect !9 %22 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %19, i64 0, i32 0 %23 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %22, align 64 %24 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %23, i64 0, i32 0 %25 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %24) #69 %26 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %15, align 8 %27 = icmp eq %struct.hrtimer_clock_base* %26, %19 br i1 %27, label %32, label %28, !prof !4, !misexpect !9 %33 = inttoptr i64 %18 to %struct.hrtimer_clock_base* %34 = tail call fastcc i32 @__hrtimer_start_range_ns(%struct.hrtimer* %0, i64 %1, i64 %2, i32 %3, %struct.hrtimer_clock_base* %33) #70 Function:__hrtimer_start_range_ns %6 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %4, i64 0, i32 0 %7 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %8 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !4 %9 = inttoptr i64 %8 to %struct.hrtimer_cpu_base* %10 = icmp eq %struct.hrtimer_cpu_base* %7, %9 %11 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %6, align 64 %12 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %11, i64 0, i32 10 %13 = load %struct.hrtimer*, %struct.hrtimer** %12, align 8 %14 = icmp eq %struct.hrtimer* %13, %0 %15 = and i1 %10, %14 %16 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %4, i1 zeroext true, i1 zeroext %15) #69 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 alarm_try_to_cancel 9 alarm_cancel 10 timerfd_release ------------- Path:  Function:timerfd_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.timerfd_ctx** %5 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 10 %7 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %6, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 11 %9 = load i8, i8* %8, align 4, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %19, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = bitcast %struct.spinlock* %6 to i8* store volatile i8 0, i8* %20, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %21 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 5 %22 = load i32, i32* %21, align 8 %23 = and i32 %22, -2 %24 = icmp eq i32 %23, 8 br i1 %24, label %25, label %28 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %5, i64 0, i32 0, i32 0 %27 = tail call i32 @alarm_cancel(%struct.alarm* %26) #69 Function:alarm_cancel %2 = tail call i32 @alarm_try_to_cancel(%struct.alarm* %0) #69 %3 = icmp sgt i32 %2, -1 br i1 %3, label %7, label %4 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = tail call i32 @alarm_try_to_cancel(%struct.alarm* %0) #69 Function:alarm_try_to_cancel %2 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %3 = load i32, i32* %2, align 8 %4 = zext i32 %3 to i64 %5 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %4, i32 0, i32 0, i32 0 %6 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %5) #69 %7 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 1 %8 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %7) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %86 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !7 br label %87 %88 = phi %struct.task_struct.54204* [ %84, %83 ], [ %86, %85 ] %89 = icmp eq %struct.task_struct.54204* %88, null br i1 %89, label %113, label %90, !prof !8, !misexpect !9 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %88, i64 0, i32 3 %92 = getelementptr inbounds %union.anon.21, %union.anon.21* %91, i64 0, i32 0, i32 0 %93 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %92, i32 1, i32* %92) #6, !srcloc !10 %94 = icmp eq i32 %93, 0 br i1 %94, label %99, label %95, !prof !8, !misexpect !11 %96 = add i32 %93, 1 %97 = or i32 %96, %93 %98 = icmp sgt i32 %97, -1 br i1 %98, label %101, label %99, !prof !12, !misexpect !11 %100 = phi i32 [ 2, %90 ], [ 1, %95 ] call void @refcount_warn_saturate(%union.anon.21* %91, i32 %100) #69 br label %101 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %102 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %88, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 __se_sys_sched_setattr 12 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %86 = call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !7 br label %87 %88 = phi %struct.task_struct.54204* [ %84, %83 ], [ %86, %85 ] %89 = icmp eq %struct.task_struct.54204* %88, null br i1 %89, label %113, label %90, !prof !8, !misexpect !9 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %88, i64 0, i32 3 %92 = getelementptr inbounds %union.anon.21, %union.anon.21* %91, i64 0, i32 0, i32 0 %93 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %92, i32 1, i32* %92) #6, !srcloc !10 %94 = icmp eq i32 %93, 0 br i1 %94, label %99, label %95, !prof !8, !misexpect !11 %96 = add i32 %93, 1 %97 = or i32 %96, %93 %98 = icmp sgt i32 %97, -1 br i1 %98, label %101, label %99, !prof !12, !misexpect !11 %100 = phi i32 [ 2, %90 ], [ 1, %95 ] call void @refcount_warn_saturate(%union.anon.21* %91, i32 %100) #69 br label %101 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %102 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %88, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 clockevents_program_min_delta 4 clockevents_program_event 5 tick_program_event 6 remove_hrtimer 7 hrtimer_try_to_cancel 8 dl_change_utilization 9 sched_dl_overflow 10 __sched_setscheduler 11 do_sched_setscheduler 12 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %61, label %23, !prof !6, !misexpect !7 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 3 %25 = getelementptr inbounds %union.anon.21, %union.anon.21* %24, i64 0, i32 0, i32 0 %26 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %25, i32 1, i32* %25) #6, !srcloc !8 %27 = icmp eq i32 %26, 0 br i1 %27, label %32, label %28, !prof !6, !misexpect !9 %29 = add i32 %26, 1 %30 = or i32 %29, %26 %31 = icmp sgt i32 %30, -1 br i1 %31, label %34, label %32, !prof !10, !misexpect !9 %33 = phi i32 [ 2, %23 ], [ 1, %28 ] call void @refcount_warn_saturate(%union.anon.21* %24, i32 %33) #69 br label %34 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %35 = bitcast %struct.sched_attr* %4 to i8* %36 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 store i32 %1, i32* %36, align 4 %37 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %21, i64 0, i32 16 %39 = load i32, i32* %38, align 8 %40 = add i32 %39, -120 store i32 %40, i32* %37, align 8 %41 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 4 %42 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 0, i32 0 %43 = load i32, i32* %42, align 4 store i32 %43, i32* %41, align 4 %44 = icmp eq i32 %1, -1 %45 = and i32 %1, 1073741824 %46 = icmp eq i32 %45, 0 %47 = or i1 %44, %46 br i1 %47, label %51, label %48 %52 = call fastcc i32 @__sched_setscheduler(%struct.task_struct.54204* nonnull %21, %struct.sched_attr* nonnull %4, i1 zeroext true, i1 zeroext true) #69 Function:__sched_setscheduler %5 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 6 br i1 %7, label %12, label %8 %13 = phi i32 [ %11, %8 ], [ -1, %4 ] br i1 %3, label %14, label %18 %19 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 2 %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %21 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %22 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 4 %23 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %1, i64 0, i32 3 %24 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 16 %25 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 87 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 18 %27 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 77 %28 = bitcast %struct.cred** %27 to i64* %29 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %30 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %31 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %32 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 br label %34 %35 = phi i32 [ %6, %18 ], [ -1, %289 ] %36 = icmp slt i32 %35, 0 br i1 %36, label %37, label %43 %44 = load i64, i64* %19, align 8 %45 = trunc i64 %44 to i32 %46 = and i32 %45, 1 switch i32 %35, label %501 [ i32 5, label %47 i32 3, label %47 i32 0, label %47 i32 6, label %47 i32 2, label %47 i32 1, label %47 ] %48 = phi i64 [ %42, %37 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ], [ %44, %43 ] %49 = phi i32 [ %41, %37 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ], [ %35, %43 ] %50 = phi i32 [ %40, %37 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ], [ %46, %43 ] %51 = phi i32 [ %41, %37 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ], [ -1, %43 ] %52 = and i64 %48, -268435584 %53 = icmp eq i64 %52, 0 br i1 %53, label %54, label %501 %55 = load i32, i32* %22, align 4 %56 = icmp ugt i32 %55, 99 br i1 %56, label %501, label %57 %58 = icmp ne i32 %49, 6 br i1 %58, label %67, label %59 %60 = tail call zeroext i1 @__checkparam_dl(%struct.sched_attr* %1) #69 br i1 %60, label %61, label %501 %62 = load i32, i32* %22, align 4 %63 = add nsw i32 %49, -1 %64 = icmp ult i32 %63, 2 %65 = icmp eq i32 %62, 0 %66 = xor i1 %64, %65 br i1 %66, label %72, label %501 %73 = phi i1 [ %64, %61 ], [ %69, %67 ] br i1 %2, label %74, label %161 %162 = load i64, i64* %19, align 8 %163 = and i64 %162, 96 %164 = icmp eq i64 %163, 0 br i1 %164, label %165, label %501 br i1 %3, label %166, label %167 tail call void @cpuset_read_lock() #69 br label %167 br label %168 %169 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %30) #69 %170 = load volatile i32, i32* %31, align 4 %171 = zext i32 %170 to i64 %172 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %171 %173 = load i64, i64* %172, align 8 %174 = add i64 %173, ptrtoint (%struct.rq* @runqueues to i64) %175 = inttoptr i64 %174 to %struct.rq* %176 = getelementptr inbounds %struct.rq, %struct.rq* %175, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %176) #69 %177 = load volatile i32, i32* %31, align 4 %178 = zext i32 %177 to i64 %179 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %178 %180 = load i64, i64* %179, align 8 %181 = add i64 %180, ptrtoint (%struct.rq* @runqueues to i64) %182 = inttoptr i64 %181 to %struct.rq* %183 = icmp eq %struct.rq* %175, %182 br i1 %183, label %184, label %187, !prof !5 %185 = load volatile i32, i32* %29, align 4 %186 = icmp eq i32 %185, 2 br i1 %186, label %187, label %195, !prof !12, !misexpect !13 %196 = inttoptr i64 %174 to %struct.rq* %197 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 21 %198 = load i32, i32* %197, align 8 %199 = and i32 %198, 2 %200 = icmp eq i32 %199, 0 br i1 %200, label %201, label %226 %227 = getelementptr inbounds %struct.rq, %struct.rq* %196, i64 0, i32 18 %228 = load %struct.task_struct.54204*, %struct.task_struct.54204** %227, align 64 %229 = icmp eq %struct.task_struct.54204* %228, %0 br i1 %229, label %497, label %230 %231 = load i32, i32* %21, align 4 %232 = icmp eq i32 %49, %231 br i1 %232, label %233, label %257, !prof !12, !misexpect !6 switch i32 %49, label %239 [ i32 3, label %234 i32 0, label %234 ] %235 = load i32, i32* %23, align 8 %236 = load i32, i32* %24, align 8 %237 = add i32 %236, -120 %238 = icmp eq i32 %235, %237 br i1 %238, label %239, label %257 br i1 %2, label %258, label %281 %259 = load i32, i32* @sysctl_sched_rt_runtime, align 4 %260 = icmp slt i32 %259, 0 %261 = or i1 %58, %260 br i1 %261, label %281, label %262 %282 = icmp eq i32 %51, -1 br i1 %282, label %290, label %283 %284 = load i32, i32* %21, align 4 %285 = icmp eq i32 %51, %284 br i1 %285, label %290, label %286, !prof !5, !misexpect !6 %291 = inttoptr i64 %174 to %struct.rq* br i1 %58, label %292, label %296 %293 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 15 %294 = load i32, i32* %293, align 4 %295 = icmp sgt i32 %294, -1 br i1 %295, label %302, label %296 %297 = tail call i32 @sched_dl_overflow(%struct.task_struct.54204* %0, i32 %49, %struct.sched_attr* %1) #69 Function:sched_dl_overflow %4 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %5 = load volatile i32, i32* %4, align 4 %6 = sext i32 %5 to i64 %7 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %6 %8 = load i64, i64* %7, align 8 %9 = add i64 %8, ptrtoint (%struct.rq* @runqueues to i64) %10 = inttoptr i64 %9 to %struct.rq* %11 = getelementptr inbounds %struct.rq, %struct.rq* %10, i64 0, i32 29 %12 = load %struct.root_domain*, %struct.root_domain** %11, align 32 %13 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9 %14 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 7 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %20 %21 = phi i64 [ %19, %17 ], [ %15, %3 ] %22 = icmp eq i32 %1, 6 br i1 %22, label %23, label %27 %28 = phi i64 [ %26, %23 ], [ 0, %20 ] %29 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %2, i64 0, i32 2 %30 = load i64, i64* %29, align 8 %31 = and i64 %30, 268435456 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %204 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %35 = load i64, i64* %34, align 8 %36 = icmp eq i64 %28, %35 br i1 %36, label %37, label %41 %38 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %39 = load i32, i32* %38, align 4 %40 = icmp eq i32 %39, 6 br i1 %40, label %204, label %41 %42 = getelementptr inbounds %struct.dl_bw, %struct.dl_bw* %13, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %42) #69 %43 = load volatile i32, i32* %4, align 4 %44 = sext i32 %43 to i64 %45 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %44 %46 = load i64, i64* %45, align 8 %47 = add i64 %46, ptrtoint (%struct.rq* @runqueues to i64) %48 = inttoptr i64 %47 to %struct.rq* %49 = getelementptr inbounds %struct.rq, %struct.rq* %48, i64 0, i32 29 %50 = load %struct.root_domain*, %struct.root_domain** %49, align 32 %51 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %50, i64 0, i32 3, i64 0 br label %52 %53 = phi i32 [ -1, %41 ], [ %55, %52 ] %54 = phi i32 [ 0, %41 ], [ %58, %52 ] %55 = tail call i32 @cpumask_next_and(i32 %53, %struct.cpumask* %51, %struct.cpumask* nonnull @__cpu_active_mask) #69 %56 = load i32, i32* @nr_cpu_ids, align 4 %57 = icmp ult i32 %55, %56 %58 = add i32 %54, 1 br i1 %57, label %52, label %59 %60 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 25 %61 = load i32, i32* %60, align 4 %62 = icmp eq i32 %61, 6 br i1 %22, label %63, label %198 br i1 %62, label %132, label %64 %133 = load i64, i64* %34, align 8 %134 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 1 %135 = load i64, i64* %134, align 8 %136 = icmp eq i64 %135, -1 br i1 %136, label %137, label %140 %138 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %139 = load i64, i64* %138, align 8 br label %148 %149 = phi i64 [ %139, %137 ], [ %144, %140 ] %150 = getelementptr inbounds %struct.root_domain, %struct.root_domain* %12, i64 0, i32 9, i32 2 %151 = sub i64 %149, %133 store i64 %151, i64* %150, align 8 %152 = trunc i64 %133 to i32 %153 = sdiv i32 %152, %54 %154 = sext i32 %153 to i64 %155 = getelementptr %struct.dl_bw, %struct.dl_bw* %13, i64 -3, i32 1 %156 = getelementptr inbounds i64, i64* %155, i64 3 %157 = bitcast i64* %156 to %struct.cpumask* %158 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %159 = load i32, i32* @nr_cpu_ids, align 4 %160 = icmp ult i32 %158, %159 br i1 %160, label %161, label %174 %162 = phi i32 [ %171, %161 ], [ %158, %148 ] %163 = sext i32 %162 to i64 %164 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %163 %165 = load i64, i64* %164, align 8 %166 = add i64 %165, ptrtoint (%struct.rq* @runqueues to i64) %167 = inttoptr i64 %166 to %struct.rq* %168 = getelementptr inbounds %struct.rq, %struct.rq* %167, i64 0, i32 12, i32 8 %169 = load i64, i64* %168, align 8 %170 = add i64 %169, %154 store i64 %170, i64* %168, align 8 %171 = tail call i32 @cpumask_next_and(i32 %162, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %172 = load i32, i32* @nr_cpu_ids, align 4 %173 = icmp ult i32 %171, %172 br i1 %173, label %161, label %174 %175 = load i64, i64* %150, align 8 %176 = add i64 %175, %28 store i64 %176, i64* %150, align 8 %177 = trunc i64 %28 to i32 %178 = sdiv i32 %177, %54 %179 = sub i32 0, %178 %180 = sext i32 %179 to i64 %181 = tail call i32 @cpumask_next_and(i32 -1, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %182 = load i32, i32* @nr_cpu_ids, align 4 %183 = icmp ult i32 %181, %182 br i1 %183, label %184, label %197 %185 = phi i32 [ %194, %184 ], [ %181, %174 ] %186 = sext i32 %185 to i64 %187 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %186 %188 = load i64, i64* %187, align 8 %189 = add i64 %188, ptrtoint (%struct.rq* @runqueues to i64) %190 = inttoptr i64 %189 to %struct.rq* %191 = getelementptr inbounds %struct.rq, %struct.rq* %190, i64 0, i32 12, i32 8 %192 = load i64, i64* %191, align 8 %193 = add i64 %192, %180 store i64 %193, i64* %191, align 8 %194 = tail call i32 @cpumask_next_and(i32 %185, %struct.cpumask* %157, %struct.cpumask* nonnull @__cpu_active_mask) #69 %195 = load i32, i32* @nr_cpu_ids, align 4 %196 = icmp ult i32 %194, %195 br i1 %196, label %184, label %197 tail call void @dl_change_utilization(%struct.task_struct.54204* %0, i64 %28) #70 Function:dl_change_utilization %3 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 8 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, 268435456 %6 = icmp eq i32 %5, 0 br i1 %6, label %8, label %7, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %10 = load i32, i32* %9, align 32 %11 = icmp eq i32 %10, 1 br i1 %11, label %72, label %12 %13 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %14 = load volatile i32, i32* %13, align 4 %15 = zext i32 %14 to i64 %16 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %15 %17 = load i64, i64* %16, align 8 %18 = add i64 %17, ptrtoint (%struct.rq* @runqueues to i64) %19 = inttoptr i64 %18 to %struct.rq* %20 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 9 %21 = load i8, i8* %20, align 4 %22 = and i8 %21, 4 %23 = icmp eq i8 %22, 0 br i1 %23, label %65, label %24 %25 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12 %26 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 4 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.rq, %struct.rq* %19, i64 0, i32 12, i32 6 %29 = load i64, i64* %28, align 8 store i64 %30, i64* %28, align 8 %31 = getelementptr %struct.dl_rq, %struct.dl_rq* %25, i64 -21, i32 2, i32 1 %32 = getelementptr inbounds i64, i64* %31, i64 313 %33 = bitcast i64* %32 to i32* %34 = load i32, i32* %33, align 8 %35 = sext i32 %34 to i64 %36 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %35 %37 = load i64, i64* %36, align 8 %38 = add i64 %37, ptrtoint (%struct.update_util_data** @cpufreq_update_util_data to i64) %39 = inttoptr i64 %38 to i64* %40 = load volatile i64, i64* %39, align 8 %41 = inttoptr i64 %40 to %struct.update_util_data* %42 = icmp eq i64 %40, 0 br i1 %42, label %48, label %43 %49 = load i8, i8* %20, align 4 %50 = and i8 %49, -5 store i8 %50, i8* %20, align 4 %51 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 23, i32 11 %52 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %51) #69 Function:hrtimer_try_to_cancel %2 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 3 %3 = bitcast %struct.hrtimer_clock_base** %2 to i64* %4 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 br label %5 %6 = load volatile i64, i64* %3, align 8 %7 = inttoptr i64 %6 to %struct.hrtimer_clock_base* %8 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %7, i64 0, i32 3, i32 0 %9 = load volatile i32, i32* %8, align 4 %10 = and i32 %9, 1 %11 = icmp eq i32 %10, 0 br i1 %11, label %16, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %13 = load volatile i32, i32* %8, align 4 %14 = and i32 %13, 1 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %12, !prof !4, !misexpect !5 %17 = phi i32 [ %9, %5 ], [ %13, %12 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = load i8, i8* %4, align 8 %19 = icmp eq i8 %18, 0 br i1 %19, label %20, label %24 br label %33 %34 = load volatile i64, i64* %3, align 8 %35 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %36 = icmp eq %struct.hrtimer_clock_base* %35, getelementptr inbounds (%struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* @migration_cpu_base, i64 0, i32 13, i64 0) br i1 %36, label %47, label %37, !prof !9, !misexpect !10 %38 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %35, i64 0, i32 0 %39 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %38, align 64 %40 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %39, i64 0, i32 0 %41 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %40) #69 %42 = load %struct.hrtimer_clock_base*, %struct.hrtimer_clock_base** %2, align 8 %43 = icmp eq %struct.hrtimer_clock_base* %42, %35 br i1 %43, label %48, label %44, !prof !4, !misexpect !10 %49 = inttoptr i64 %34 to %struct.hrtimer_clock_base* %50 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %49, i64 0, i32 4 %51 = load %struct.hrtimer*, %struct.hrtimer** %50, align 8 %52 = icmp eq %struct.hrtimer* %51, %0 br i1 %52, label %56, label %53 %54 = tail call fastcc i32 @remove_hrtimer(%struct.hrtimer* %0, %struct.hrtimer_clock_base* %49, i1 zeroext false, i1 zeroext false) #70 Function:remove_hrtimer %5 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 4 %6 = load i8, i8* %5, align 8 %7 = and i8 %6, 1 %8 = icmp eq i8 %7, 0 br i1 %8, label %197, label %9 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_hrtimer_cancel to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@remove_hrtimer, %10)) #6 to label %32 [label %10], !srcloc !4 %33 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 0 %34 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %35 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.hrtimer_cpu_base* nonnull @hrtimer_bases) #6, !srcloc !9 %36 = inttoptr i64 %35 to %struct.hrtimer_cpu_base* %37 = icmp eq %struct.hrtimer_cpu_base* %34, %36 br i1 %2, label %38, label %41 %42 = phi i1 [ %40, %38 ], [ %37, %32 ] %43 = phi i8 [ %6, %38 ], [ 0, %32 ] %44 = load %struct.hrtimer_cpu_base*, %struct.hrtimer_cpu_base** %33, align 64 %45 = load i8, i8* %5, align 8 store volatile i8 %43, i8* %5, align 1 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %197, label %48 %49 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 5 %50 = getelementptr inbounds %struct.hrtimer, %struct.hrtimer* %0, i64 0, i32 0 %51 = tail call zeroext i1 @timerqueue_del(%struct.timerqueue_head* %49, %struct.anon.17* %50) #69 br i1 %51, label %60, label %52 %53 = getelementptr inbounds %struct.hrtimer_clock_base, %struct.hrtimer_clock_base* %1, i64 0, i32 1 %54 = load i32, i32* %53, align 8 %55 = shl nuw i32 1, %54 %56 = xor i32 %55, -1 %57 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %58 = load i32, i32* %57, align 8 %59 = and i32 %58, %56 store i32 %59, i32* %57, align 8 br label %60 br i1 %42, label %61, label %197 %62 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 10 %63 = load %struct.hrtimer*, %struct.hrtimer** %62, align 8 %64 = icmp eq %struct.hrtimer* %63, %0 br i1 %64, label %65, label %197 %66 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 4 %67 = load i8, i8* %66, align 16 %68 = and i8 %67, 8 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %125 %71 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %72 = load i32, i32* %71, align 8 %73 = and i32 %72, 240 %74 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 store %struct.hrtimer* null, %struct.hrtimer** %74, align 8 %75 = icmp eq i32 %73, 0 br i1 %75, label %120, label %76 %77 = bitcast %struct.hrtimer** %74 to %struct.anon.17** %78 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %79 %80 = phi i64 [ %115, %114 ], [ 9223372036854775807, %76 ] %81 = phi i32 [ %87, %114 ], [ %73, %76 ] %82 = zext i32 %81 to i64 %83 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %82) #4, !srcloc !10 %84 = trunc i64 %83 to i32 %85 = shl nuw i32 1, %84 %86 = xor i32 %85, -1 %87 = and i32 %81, %86 %88 = and i64 %83, 4294967295 %89 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %88 %90 = icmp eq %struct.hrtimer_clock_base* %89, null br i1 %90, label %117, label %91 %118 = phi i64 [ %115, %114 ], [ %80, %79 ] %119 = icmp sgt i64 %118, 0 br i1 %119, label %120, label %122 %123 = phi i64 [ %121, %120 ], [ 0, %117 ] %124 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 11 store i64 %123, i64* %124, align 16 br label %125 %126 = phi i64 [ 9223372036854775807, %65 ], [ %123, %122 ] %127 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 2 %128 = load i32, i32* %127, align 8 %129 = and i32 %128, 15 store %struct.hrtimer* null, %struct.hrtimer** %62, align 8 %130 = icmp eq i32 %129, 0 br i1 %130, label %176, label %131 %132 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 12 %133 = bitcast %struct.hrtimer** %132 to %struct.anon.17** %134 = bitcast %struct.hrtimer** %62 to %struct.anon.17** br label %135 %136 = phi i64 [ 9223372036854775807, %131 ], [ %171, %170 ] %137 = phi i32 [ %129, %131 ], [ %143, %170 ] %138 = zext i32 %137 to i64 %139 = tail call i64 asm "rep; bsf $1,$0", "=r,rm,~{dirflag},~{fpsr},~{flags}"(i64 %138) #4, !srcloc !10 %140 = trunc i64 %139 to i32 %141 = shl nuw i32 1, %140 %142 = xor i32 %141, -1 %143 = and i32 %137, %142 %144 = and i64 %139, 4294967295 %145 = getelementptr %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 13, i64 %144 %146 = icmp eq %struct.hrtimer_clock_base* %145, null br i1 %146, label %173, label %147 %174 = phi i64 [ %171, %170 ], [ %136, %135 ] %175 = icmp sgt i64 %174, 0 br i1 %175, label %176, label %178 %179 = phi i64 [ %177, %176 ], [ 0, %173 ] %180 = icmp sgt i64 %179, %126 br i1 %180, label %181, label %186 %187 = phi i64 [ %126, %181 ], [ %179, %178 ] %188 = getelementptr inbounds %struct.hrtimer_cpu_base, %struct.hrtimer_cpu_base* %44, i64 0, i32 9 %189 = load i64, i64* %188, align 32 %190 = icmp eq i64 %187, %189 br i1 %190, label %197, label %191 store i64 %187, i64* %188, align 32 %192 = load i8, i8* %66, align 16 %193 = and i8 %192, 5 %194 = icmp eq i8 %193, 1 br i1 %194, label %195, label %197 %196 = tail call i32 @tick_program_event(i64 %187, i32 1) #69 Function:tick_program_event %3 = tail call %struct.clock_event_device.82521* asm "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.clock_event_device.82521** getelementptr inbounds (%struct.tick_device.82522, %struct.tick_device.82522* @tick_cpu_device, i64 0, i32 0)) #4, !srcloc !4 %4 = icmp eq i64 %0, 9223372036854775807 br i1 %4, label %5, label %7, !prof !5, !misexpect !6 %8 = getelementptr inbounds %struct.clock_event_device.82521, %struct.clock_event_device.82521* %3, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 4 br i1 %10, label %11, label %12, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.clock_event_device*, i32)* @clockevents_switch_state to void (%struct.clock_event_device.82521*, i32)*)(%struct.clock_event_device.82521* %3, i32 3) #69 br label %12 %13 = icmp ne i32 %1, 0 %14 = tail call i32 bitcast (i32 (%struct.clock_event_device*, i64, i1)* @clockevents_program_event to i32 (%struct.clock_event_device.82521*, i64, i1)*)(%struct.clock_event_device.82521* %3, i64 %0, i1 zeroext %13) #69 Function:clockevents_program_event %4 = icmp sgt i64 %1, -1 br i1 %4, label %6, label %5, !prof !4, !misexpect !5 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %1, i64* %7, align 8 %8 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %9 = load i32, i32* %8, align 8 %10 = icmp eq i32 %9, 1 br i1 %10, label %57, label %11 %12 = icmp eq i32 %9, 3 %13 = load i1, i1* @clockevents_program_event.__warned, align 1 %14 = or i1 %12, %13 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 9 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21 %26 = tail call i64 @ktime_get() #69 %27 = sub i64 %1, %26 %28 = icmp slt i64 %27, 1 br i1 %28, label %29, label %32 %33 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 4 %34 = load i64, i64* %33, align 32 %35 = icmp slt i64 %27, %34 %36 = select i1 %35, i64 %27, i64 %34 %37 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %38 = load i64, i64* %37, align 8 %39 = icmp sgt i64 %36, %38 %40 = select i1 %39, i64 %36, i64 %38 %41 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %42 = load i32, i32* %41, align 16 %43 = zext i32 %42 to i64 %44 = mul i64 %40, %43 %45 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %46 = load i32, i32* %45, align 4 %47 = zext i32 %46 to i64 %48 = lshr i64 %44, %47 %49 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %50 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %49, align 8 %51 = tail call i32 %50(i64 %48, %struct.clock_event_device* %0) #69 %52 = icmp eq i32 %51, 0 %53 = xor i1 %2, true %54 = or i1 %52, %53 br i1 %54, label %57, label %55 %56 = tail call fastcc i32 @clockevents_program_min_delta(%struct.clock_event_device* %0) #70 Function:clockevents_program_min_delta %2 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = tail call i64 @ktime_get() #69 %5 = add i64 %4, %3 %6 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 3 store i64 %5, i64* %6, align 8 %7 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 8 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 1 br i1 %9, label %56, label %10 %11 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 10 %12 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 6 %13 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 7 %14 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 1 %15 = getelementptr inbounds %struct.clock_event_device, %struct.clock_event_device* %0, i64 0, i32 21 br label %16 %17 = phi i64 [ %3, %10 ], [ %51, %49 ] %18 = phi i32 [ 0, %10 ], [ %50, %49 ] %19 = load i64, i64* %11, align 64 %20 = add i64 %19, 1 store i64 %20, i64* %11, align 64 %21 = load i32, i32* %12, align 16 %22 = zext i32 %21 to i64 %23 = mul i64 %17, %22 %24 = load i32, i32* %13, align 4 %25 = zext i32 %24 to i64 %26 = lshr i64 %23, %25 %27 = load i32 (i64, %struct.clock_event_device*)*, i32 (i64, %struct.clock_event_device*)** %14, align 8 %28 = tail call i32 %27(i64 %26, %struct.clock_event_device* %0) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %56, label %30 %31 = add i32 %18, 1 %32 = icmp sgt i32 %31, 2 br i1 %32, label %33, label %49 %34 = load i64, i64* %2, align 8 %35 = icmp ugt i64 %34, 999999 br i1 %35, label %47, label %36 %48 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([40 x i8], [40 x i8]* @.str.4.9021, i64 0, i64 0)) #70 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 force_sig_info_to_task 7 force_sig 8 signal_fault 9 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_wait4 11 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_compat_sys_waitid 12 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_sys_waitid 12 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 signal_wake_up_state 7 __ptrace_unlink 8 wait_consider_task 9 do_wait 10 kernel_waitid 11 __se_sys_waitid 12 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 select_fallback_rq 4 try_to_wake_up 5 wake_up_state 6 zap_other_threads 7 do_group_exit 8 __do_sys_exit_group 9 __se_sys_exit_group 10 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 %87 = icmp eq i32 %86, 0 br i1 %87, label %93, label %88 %89 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 48 %90 = load i32, i32* %89, align 8 %91 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 80, i64 0 %92 = tail call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.89.6656, i64 0, i64 0), i32 %90, i8* %91, i32 %0) #71 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 __pm_pr_dbg 4 pm_print_active_wakeup_sources 5 pm_get_wakeup_count 6 wakeup_count_show ------------- Path:  Function:wakeup_count_show %4 = alloca i32, align 4 %5 = bitcast i32* %4 to i8* %6 = call zeroext i1 @pm_get_wakeup_count(i32* nonnull %4, i1 zeroext true) #69 Function:pm_get_wakeup_count %3 = alloca %struct.wait_queue_entry, align 8 br i1 %1, label %4, label %27 %5 = bitcast %struct.wait_queue_entry* %3 to i8* %6 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 0 store i32 0, i32* %6, align 8 %7 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 1 %8 = tail call %struct.task_struct.516063* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.516063** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.516063**)) #10, !srcloc !4 %9 = bitcast i8** %7 to %struct.task_struct.516063** store %struct.task_struct.516063* %8, %struct.task_struct.516063** %9, align 8 %10 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %3, i64 0, i32 3, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = getelementptr inbounds %struct.task_struct.516063, %struct.task_struct.516063* %8, i64 0, i32 0, i32 0 call void @prepare_to_wait(%struct.wait_queue_head* nonnull @wakeup_count_wait_queue, %struct.wait_queue_entry* nonnull %3, i32 1) #69 %15 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @combined_event_count, i64 0, i32 0), align 4 %16 = and i32 %15, 65535 %17 = icmp eq i32 %16, 0 br i1 %17, label %26, label %18 %19 = load volatile i64, i64* %14, align 8 %20 = and i64 %19, 4 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 call void @pm_print_active_wakeup_sources() #70 Function:pm_print_active_wakeup_sources %1 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @wakeup_srcu) #69 %2 = load volatile i64, i64* bitcast (%struct.list_head* @wakeup_sources to i64*), align 8 %3 = inttoptr i64 %2 to i8* %4 = icmp eq i8* %3, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %4, label %45, label %5 %6 = phi i8* [ %37, %31 ], [ %3, %0 ] %7 = phi i64 [ %36, %31 ], [ %2, %0 ] %8 = phi i32 [ %34, %31 ], [ 0, %0 ] %9 = phi %struct.wakeup_source.516196* [ %32, %31 ], [ null, %0 ] %10 = getelementptr i8, i8* %6, i64 -16 %11 = bitcast i8* %10 to %struct.wakeup_source.516196* %12 = getelementptr i8, i8* %6, i64 168 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %19, label %16 %20 = icmp eq i32 %8, 0 br i1 %20, label %21, label %31 %32 = phi %struct.wakeup_source.516196* [ %9, %16 ], [ %9, %19 ], [ %11, %30 ], [ %9, %23 ] %33 = phi i1 [ false, %16 ], [ false, %19 ], [ true, %30 ], [ true, %23 ] %34 = phi i32 [ 1, %16 ], [ 1, %19 ], [ 0, %30 ], [ 0, %23 ] %35 = inttoptr i64 %7 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = inttoptr i64 %36 to i8* %38 = icmp eq i8* %37, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %38, label %39, label %5 %40 = icmp ne %struct.wakeup_source.516196* %32, null %41 = and i1 %40, %33 br i1 %41, label %42, label %45 %43 = getelementptr inbounds %struct.wakeup_source.516196, %struct.wakeup_source.516196* %32, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 tail call void (i1, i8*, ...) @__pm_pr_dbg(i1 zeroext false, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.4.42503, i64 0, i64 0), i8* %44) #69 Function:__pm_pr_dbg %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = load i8, i8* @pm_debug_messages_on, align 1, !range !4 %8 = icmp eq i8 %7, 0 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %10, align 8 %11 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %11, align 8 br i1 %0, label %12, label %14 %13 = call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.7280, i64 0, i64 0), %struct.va_format* nonnull %3) #69 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 vprintk_deferred 2 printk_deferred 3 __pm_pr_dbg 4 pm_print_active_wakeup_sources 5 wakeup_count_store ------------- Path:  Function:wakeup_count_store %5 = alloca i32, align 4 %6 = bitcast i32* %5 to i8* %7 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.41.7264, i64 0, i64 0), i32* nonnull %5) #69 %8 = icmp eq i32 %7, 1 br i1 %8, label %9, label %16 %10 = load i32, i32* %5, align 4 %11 = call zeroext i1 @pm_save_wakeup_count(i32 %10) #70 br i1 %11, label %12, label %15 call void @pm_print_active_wakeup_sources() #70 Function:pm_print_active_wakeup_sources %1 = tail call i32 @__srcu_read_lock(%struct.srcu_struct* nonnull @wakeup_srcu) #69 %2 = load volatile i64, i64* bitcast (%struct.list_head* @wakeup_sources to i64*), align 8 %3 = inttoptr i64 %2 to i8* %4 = icmp eq i8* %3, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %4, label %45, label %5 %6 = phi i8* [ %37, %31 ], [ %3, %0 ] %7 = phi i64 [ %36, %31 ], [ %2, %0 ] %8 = phi i32 [ %34, %31 ], [ 0, %0 ] %9 = phi %struct.wakeup_source.516196* [ %32, %31 ], [ null, %0 ] %10 = getelementptr i8, i8* %6, i64 -16 %11 = bitcast i8* %10 to %struct.wakeup_source.516196* %12 = getelementptr i8, i8* %6, i64 168 %13 = load i8, i8* %12, align 8 %14 = and i8 %13, 1 %15 = icmp eq i8 %14, 0 br i1 %15, label %19, label %16 %20 = icmp eq i32 %8, 0 br i1 %20, label %21, label %31 %32 = phi %struct.wakeup_source.516196* [ %9, %16 ], [ %9, %19 ], [ %11, %30 ], [ %9, %23 ] %33 = phi i1 [ false, %16 ], [ false, %19 ], [ true, %30 ], [ true, %23 ] %34 = phi i32 [ 1, %16 ], [ 1, %19 ], [ 0, %30 ], [ 0, %23 ] %35 = inttoptr i64 %7 to i64* %36 = load volatile i64, i64* %35, align 8 %37 = inttoptr i64 %36 to i8* %38 = icmp eq i8* %37, bitcast (%struct.list_head* @wakeup_sources to i8*) br i1 %38, label %39, label %5 %40 = icmp ne %struct.wakeup_source.516196* %32, null %41 = and i1 %40, %33 br i1 %41, label %42, label %45 %43 = getelementptr inbounds %struct.wakeup_source.516196, %struct.wakeup_source.516196* %32, i64 0, i32 0 %44 = load i8*, i8** %43, align 8 tail call void (i1, i8*, ...) @__pm_pr_dbg(i1 zeroext false, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.4.42503, i64 0, i64 0), i8* %44) #69 Function:__pm_pr_dbg %3 = alloca %struct.va_format, align 8 %4 = alloca [1 x %struct.__va_list_tag], align 16 %5 = bitcast %struct.va_format* %3 to i8* %6 = bitcast [1 x %struct.__va_list_tag]* %4 to i8* %7 = load i8, i8* @pm_debug_messages_on, align 1, !range !4 %8 = icmp eq i8 %7, 0 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 0 store i8* %1, i8** %10, align 8 %11 = getelementptr inbounds %struct.va_format, %struct.va_format* %3, i64 0, i32 1 store [1 x %struct.__va_list_tag]* %4, [1 x %struct.__va_list_tag]** %11, align 8 br i1 %0, label %12, label %14 %13 = call i32 (i8*, ...) @printk_deferred(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.7280, i64 0, i64 0), %struct.va_format* nonnull %3) #69 Function:printk_deferred %2 = alloca [1 x %struct.__va_list_tag], align 16 %3 = bitcast [1 x %struct.__va_list_tag]* %2 to i8* %4 = getelementptr inbounds [1 x %struct.__va_list_tag], [1 x %struct.__va_list_tag]* %2, i64 0, i64 0 %5 = call i32 @vprintk_deferred(i8* %0, %struct.__va_list_tag* nonnull %4) #69 Function:vprintk_deferred %3 = tail call i32 @vprintk_emit(i32 0, i32 -2, i8* null, i64 0, i8* %0, %struct.__va_list_tag* %1) #69 %4 = load i1, i1* @__printk_percpu_data_ready, align 1 br i1 %4, label %5, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call void asm "orl $1,%gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @printk_pending, i32 2, i32* nonnull @printk_pending) #6, !srcloc !5 %6 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.irq_work* nonnull @wake_up_klogd_work) #6, !srcloc !6 %7 = inttoptr i64 %6 to %struct.irq_work* %8 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %7) #70 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 ring_buffer_write 2 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 br label %70 %71 = getelementptr inbounds i8, i8* %69, i64 8 %72 = bitcast i8* %71 to i64* store i64 ptrtoint (i8* blockaddress(@tracing_mark_write, %70) to i64), i64* %72, align 8 %73 = getelementptr inbounds i8, i8* %69, i64 16 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %20, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %80, label %79 %81 = phi i64 [ -14, %79 ], [ %17, %70 ] %82 = phi i64 [ 9, %79 ], [ %17, %70 ] %83 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 25 %84 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %85 = icmp eq %struct.trace_event_file.96777* %84, null br i1 %85, label %96, label %86 %87 = getelementptr inbounds %struct.trace_event_file.96777, %struct.trace_event_file.96777* %84, i64 0, i32 6 %88 = bitcast %struct.list_head* %87 to i64* %89 = load volatile i64, i64* %88, align 8 %90 = inttoptr i64 %89 to %struct.list_head* %91 = icmp eq %struct.list_head* %87, %90 br i1 %91, label %96, label %92 %97 = phi i32 [ 0, %86 ], [ %95, %92 ], [ 0, %80 ] %98 = add nsw i64 %82, -1 %99 = getelementptr i8, i8* %73, i64 %98 %100 = load i8, i8* %99, align 1 %101 = icmp eq i8 %100, 10 %102 = getelementptr i8, i8* %73, i64 %82 br i1 %101, label %106, label %103 %107 = phi i8* [ %105, %103 ], [ %102, %96 ] store i8 0, i8* %107, align 1 call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %108 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %109 = icmp eq %struct.ring_buffer_event* %108, %27 br i1 %109, label %110, label %117 %111 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 0 %112 = load i32, i32* %111, align 4 %113 = zext i32 %112 to i64 %114 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 1 %115 = bitcast i32* %114 to i8* %116 = call i32 @ring_buffer_write(%struct.ring_buffer* %24, i64 %113, i8* %115) #69 Function:ring_buffer_write %4 = alloca %struct.rb_event_info, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 2, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %420 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %10 = zext i32 %9 to i64 %11 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 4, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %10) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %420, label %15 %16 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 7 %17 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %16, align 8 %18 = sext i32 %9 to i64 %19 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %17, i64 %18 %20 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %19, align 8 %21 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 1, i32 0 %22 = load volatile i32, i32* %21, align 4 %23 = icmp ne i32 %22, 0 %24 = icmp ugt i64 %1, 4072 %25 = or i1 %24, %23 br i1 %25, label %420, label %26 %27 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 8 %28 = load i32, i32* %27, align 8 %29 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %30 = and i32 %29, 2147483647 %31 = zext i32 %30 to i64 %32 = and i64 %31, 2031872 %33 = icmp eq i64 %32, 0 br i1 %33, label %41, label %34 %35 = and i64 %31, 1048576 %36 = icmp eq i64 %35, 0 %37 = and i64 %31, 983040 %38 = icmp eq i64 %37, 0 %39 = select i1 %38, i32 3, i32 2 %40 = select i1 %36, i32 %39, i32 1 br label %41 %42 = phi i32 [ 4, %26 ], [ %40, %34 ] %43 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 16 %44 = load i64, i64* %43, align 8 %45 = trunc i64 %44 to i32 %46 = add i32 %42, %45 %47 = shl nuw i32 1, %46 %48 = and i32 %47, %28 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !8, !misexpect !9 %51 = shl nuw i32 1, %45 %52 = and i32 %51, %28 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %420 %55 = phi i32 [ %42, %41 ], [ 0, %50 ] %56 = add i32 %55, %45 %57 = shl nuw i32 1, %56 %58 = or i32 %57, %28 store i32 %58, i32* %27, align 8 %59 = bitcast %struct.rb_event_info* %4 to i8* %60 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 22, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %60, i64* %60) #6, !srcloc !10 %61 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 23, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %61, i64* %61) #6, !srcloc !10 %62 = trunc i64 %1 to i32 %63 = icmp eq i32 %62, 0 %64 = select i1 %63, i32 1, i32 %62 %65 = icmp ugt i32 %64, 112 %66 = add nuw nsw i32 %64, 4 %67 = select i1 %65, i32 %66, i32 %64 %68 = add nuw nsw i32 %67, 7 %69 = and i32 %68, -4 %70 = icmp eq i32 %69, 12 %71 = select i1 %70, i32 16, i32 %69 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 2 store i64 %72, i64* %73, align 8 %74 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 4 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 1 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 2 %77 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %78 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 0 %79 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 31 %80 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 11 %81 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 11 %82 = bitcast %struct.buffer_page** %81 to i64* %83 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 3 %84 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 12 %85 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 17, i32 0, i32 0 br label %88 %89 = phi %struct.ring_buffer* [ %77, %54 ], [ %199, %197 ] %90 = phi i32 [ 1, %54 ], [ %198, %197 ] %91 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %89, i64 0, i32 9 %92 = load i64 ()*, i64 ()** %91, align 8 %93 = tail call i64 %92() #69 store i64 %93, i64* %78, align 8 %94 = load i64, i64* %79, align 8 %95 = sub i64 %93, %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %96 = load i8, i8* %80, align 8, !range !15 %97 = icmp eq i8 %96, 0 br i1 %97, label %99, label %98 %100 = load i64, i64* %79, align 8 %101 = icmp ult i64 %93, %100 br i1 %101, label %105, label %102, !prof !16, !misexpect !17 store i64 %95, i64* %75, align 8 %103 = icmp ult i64 %95, 134217728 br i1 %103, label %105, label %104, !prof !8, !misexpect !9 call fastcc void @rb_handle_timestamp(%struct.ring_buffer_per_cpu* %20, %struct.rb_event_info* nonnull %4) #69 br label %105 %106 = load i32, i32* %74, align 8 %107 = icmp eq i32 %106, 0 %108 = load i64, i64* %73, align 8 br i1 %107, label %111, label %109, !prof !8, !misexpect !9 %110 = add i64 %108, 8 store i64 %110, i64* %73, align 8 br label %111 %112 = phi i64 [ %110, %109 ], [ %108, %105 ] %113 = load volatile i64, i64* %82, align 8 %114 = inttoptr i64 %113 to %struct.buffer_page* store %struct.buffer_page* %114, %struct.buffer_page** %83, align 8 %115 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 1, i32 0, i32 0 %116 = tail call i64 asm sideeffect " xaddq $0, $1;", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64 %112, i64* %115) #6, !srcloc !18 %117 = add i64 %116, %112 %118 = and i64 %117, 1048575 %119 = sub i64 %118, %112 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %127 %122 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %123 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %122, i64 0, i32 11 %124 = load i8, i8* %123, align 8, !range !15 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %127 store i64 0, i64* %75, align 8 br label %127 %128 = icmp ugt i64 %118, 4080 br i1 %128, label %129, label %131, !prof !16, !misexpect !9 %132 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 5 %133 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %134 = and i64 %119, 4294967295 %135 = getelementptr %struct.buffer_data_page, %struct.buffer_data_page* %133, i64 0, i32 2, i64 %134 %136 = bitcast i8* %135 to %struct.ring_buffer_event* %137 = load i64, i64* %75, align 8 %138 = ptrtoint i8* %135 to i64 %139 = and i64 %138, -4096 %140 = load %struct.buffer_page*, %struct.buffer_page** %84, align 8 %141 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %140, i64 0, i32 5 %142 = load %struct.buffer_data_page*, %struct.buffer_data_page** %141, align 8 %143 = inttoptr i64 %139 to %struct.buffer_data_page* %144 = icmp eq %struct.buffer_data_page* %142, %143 br i1 %144, label %145, label %154 %146 = trunc i64 %138 to i32 %147 = and i32 %146, 4095 %148 = add nsw i32 %147, -16 %149 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %142, i64 0, i32 1, i32 0, i32 0 %150 = load volatile i64, i64* %149, align 8 %151 = trunc i64 %150 to i32 %152 = icmp eq i32 %148, %151 %153 = select i1 %152, i64 %137, i64 0 br label %154 %155 = phi i64 [ 0, %131 ], [ %153, %145 ] br i1 %107, label %164, label %156, !prof !8, !misexpect !9 %157 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %158 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %157, i64 0, i32 11 %159 = load i8, i8* %158, align 8, !range !15 %160 = icmp ne i8 %159, 0 %161 = select i1 %160, i64 %137, i64 %155 %162 = tail call fastcc %struct.ring_buffer_event* @rb_add_time_stamp(%struct.ring_buffer_event* %136, i64 %161, i1 zeroext %160) #69 %163 = add i64 %112, -8 br label %164 %165 = phi i64 [ %163, %156 ], [ %112, %154 ] %166 = phi i64 [ 0, %156 ], [ %155, %154 ] %167 = phi %struct.ring_buffer_event* [ %162, %156 ], [ %136, %154 ] %168 = trunc i64 %166 to i32 %169 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %167, i64 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = shl i32 %168, 5 %172 = and i32 %170, 31 %173 = or i32 %172, %171 store i32 %173, i32* %169, align 4 %174 = trunc i64 %165 to i32 %175 = add i32 %174, -4 %176 = icmp ugt i32 %175, 112 br i1 %176, label %177, label %179 %180 = add nuw nsw i32 %174, 127 %181 = lshr i32 %180, 2 %182 = and i32 %181, 31 %183 = or i32 %182, %171 store i32 %183, i32* %169, align 4 br label %184 %185 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 3, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %185, i64* %185) #6, !srcloc !10 br i1 %120, label %186, label %190 %187 = load i64, i64* %78, align 8 %188 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %189 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %188, i64 0, i32 0 store i64 %187, i64* %189, align 8 br label %190 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %85, i64 %112, i64* %85) #6, !srcloc !19 br label %191 %192 = phi %struct.ring_buffer_event* [ %130, %129 ], [ %136, %190 ] %193 = ptrtoint %struct.ring_buffer_event* %192 to i64 switch i64 %193, label %322 [ i64 -11, label %194 i64 0, label %201 ], !prof !20 %323 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 0, i32 0 %324 = load i32, i32* %323, align 4 %325 = and i32 %324, 30 %326 = icmp eq i32 %325, 30 %327 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 2 %328 = select i1 %326, %struct.ring_buffer_event* %327, %struct.ring_buffer_event* %192 %329 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 0 %330 = load i32, i32* %329, align 4 %331 = and i32 %330, 31 %332 = icmp ugt i32 %331, 28 br i1 %332, label %333, label %334, !prof !16, !misexpect !9 %335 = icmp eq i32 %331, 0 %336 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 0 %337 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 1 %338 = select i1 %335, i32* %337, i32* %336 %339 = bitcast i32* %338 to i8* tail call fastcc void @rb_commit(%struct.ring_buffer_per_cpu* %20, %struct.ring_buffer_event* nonnull %192) #70 %340 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 3 %341 = load i8, i8* %340, align 8, !range !15 %342 = icmp eq i8 %341, 0 br i1 %342, label %346, label %343 store i8 0, i8* %340, align 8 %344 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 0 %345 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %344) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 irq_work_queue 1 ring_buffer_write 2 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %34 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %35 = trunc i32 %29 to i8 %36 = getelementptr inbounds i8, i8* %33, i64 3 store i8 %35, i8* %36, align 1 %37 = icmp eq %struct.task_struct.96680* %34, null br i1 %37, label %41, label %38 %39 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 48 %40 = load i32, i32* %39, align 8 br label %41 %42 = phi i32 [ %40, %38 ], [ 0, %32 ] %43 = getelementptr inbounds i8, i8* %33, i64 4 %44 = bitcast i8* %43 to i32* store i32 %42, i32* %44, align 4 %45 = bitcast i8* %33 to i16* store i16 16, i16* %45, align 4 %46 = lshr i64 %22, 9 %47 = trunc i64 %46 to i32 %48 = and i32 %47, 1 %49 = lshr i32 %29, 14 %50 = and i32 %49, 64 %51 = or i32 %50, %48 %52 = and i32 %29, 983040 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i32 0, i32 8 %55 = lshr i32 %29, 4 %56 = and i32 %55, 16 %57 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 0, i32 0 %58 = load volatile i64, i64* %57, align 8 %59 = lshr i64 %58, 1 %60 = trunc i64 %59 to i32 %61 = and i32 %60, 4 %62 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %63 = lshr i32 %62, 26 %64 = and i32 %63, 32 %65 = or i32 %51, %56 %66 = or i32 %65, %54 %67 = or i32 %66, %61 %68 = or i32 %67, %64 %69 = trunc i32 %68 to i8 %70 = xor i8 %69, 33 %71 = getelementptr inbounds i8, i8* %33, i64 2 store i8 %70, i8* %71, align 2 %72 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %73 = getelementptr inbounds i8, i8* %72, i64 8 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %23, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %82, label %79 %83 = phi i64 [ -14, %79 ], [ %20, %41 ] call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %84 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %85 = icmp eq %struct.ring_buffer_event* %84, %30 br i1 %85, label %86, label %93 %87 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 0 %88 = load i32, i32* %87, align 4 %89 = zext i32 %88 to i64 %90 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 1 %91 = bitcast i32* %90 to i8* %92 = call i32 @ring_buffer_write(%struct.ring_buffer* %27, i64 %89, i8* %91) #69 Function:ring_buffer_write %4 = alloca %struct.rb_event_info, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 2, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %420 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !5 %10 = zext i32 %9 to i64 %11 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 4, i64 0, i32 0, i64 0 %12 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %11, i64 %10) #6, !srcloc !6 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %420, label %15 %16 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 7 %17 = load %struct.ring_buffer_per_cpu**, %struct.ring_buffer_per_cpu*** %16, align 8 %18 = sext i32 %9 to i64 %19 = getelementptr %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %17, i64 %18 %20 = load %struct.ring_buffer_per_cpu*, %struct.ring_buffer_per_cpu** %19, align 8 %21 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 1, i32 0 %22 = load volatile i32, i32* %21, align 4 %23 = icmp ne i32 %22, 0 %24 = icmp ugt i64 %1, 4072 %25 = or i1 %24, %23 br i1 %25, label %420, label %26 %27 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 8 %28 = load i32, i32* %27, align 8 %29 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %30 = and i32 %29, 2147483647 %31 = zext i32 %30 to i64 %32 = and i64 %31, 2031872 %33 = icmp eq i64 %32, 0 br i1 %33, label %41, label %34 %35 = and i64 %31, 1048576 %36 = icmp eq i64 %35, 0 %37 = and i64 %31, 983040 %38 = icmp eq i64 %37, 0 %39 = select i1 %38, i32 3, i32 2 %40 = select i1 %36, i32 %39, i32 1 br label %41 %42 = phi i32 [ 4, %26 ], [ %40, %34 ] %43 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 16 %44 = load i64, i64* %43, align 8 %45 = trunc i64 %44 to i32 %46 = add i32 %42, %45 %47 = shl nuw i32 1, %46 %48 = and i32 %47, %28 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !8, !misexpect !9 %51 = shl nuw i32 1, %45 %52 = and i32 %51, %28 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %420 %55 = phi i32 [ %42, %41 ], [ 0, %50 ] %56 = add i32 %55, %45 %57 = shl nuw i32 1, %56 %58 = or i32 %57, %28 store i32 %58, i32* %27, align 8 %59 = bitcast %struct.rb_event_info* %4 to i8* %60 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 22, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %60, i64* %60) #6, !srcloc !10 %61 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 23, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %61, i64* %61) #6, !srcloc !10 %62 = trunc i64 %1 to i32 %63 = icmp eq i32 %62, 0 %64 = select i1 %63, i32 1, i32 %62 %65 = icmp ugt i32 %64, 112 %66 = add nuw nsw i32 %64, 4 %67 = select i1 %65, i32 %66, i32 %64 %68 = add nuw nsw i32 %67, 7 %69 = and i32 %68, -4 %70 = icmp eq i32 %69, 12 %71 = select i1 %70, i32 16, i32 %69 %72 = zext i32 %71 to i64 %73 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 2 store i64 %72, i64* %73, align 8 %74 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 4 store i32 0, i32* %74, align 8 %75 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 1 store i64 0, i64* %75, align 8 %76 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 2 %77 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %78 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 0 %79 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 31 %80 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 11 %81 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 11 %82 = bitcast %struct.buffer_page** %81 to i64* %83 = getelementptr inbounds %struct.rb_event_info, %struct.rb_event_info* %4, i64 0, i32 3 %84 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 12 %85 = getelementptr inbounds %struct.ring_buffer_per_cpu, %struct.ring_buffer_per_cpu* %20, i64 0, i32 17, i32 0, i32 0 br label %88 %89 = phi %struct.ring_buffer* [ %77, %54 ], [ %199, %197 ] %90 = phi i32 [ 1, %54 ], [ %198, %197 ] %91 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %89, i64 0, i32 9 %92 = load i64 ()*, i64 ()** %91, align 8 %93 = tail call i64 %92() #69 store i64 %93, i64* %78, align 8 %94 = load i64, i64* %79, align 8 %95 = sub i64 %93, %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %96 = load i8, i8* %80, align 8, !range !15 %97 = icmp eq i8 %96, 0 br i1 %97, label %99, label %98 %100 = load i64, i64* %79, align 8 %101 = icmp ult i64 %93, %100 br i1 %101, label %105, label %102, !prof !16, !misexpect !17 store i64 %95, i64* %75, align 8 %103 = icmp ult i64 %95, 134217728 br i1 %103, label %105, label %104, !prof !8, !misexpect !9 call fastcc void @rb_handle_timestamp(%struct.ring_buffer_per_cpu* %20, %struct.rb_event_info* nonnull %4) #69 br label %105 %106 = load i32, i32* %74, align 8 %107 = icmp eq i32 %106, 0 %108 = load i64, i64* %73, align 8 br i1 %107, label %111, label %109, !prof !8, !misexpect !9 %110 = add i64 %108, 8 store i64 %110, i64* %73, align 8 br label %111 %112 = phi i64 [ %110, %109 ], [ %108, %105 ] %113 = load volatile i64, i64* %82, align 8 %114 = inttoptr i64 %113 to %struct.buffer_page* store %struct.buffer_page* %114, %struct.buffer_page** %83, align 8 %115 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 1, i32 0, i32 0 %116 = tail call i64 asm sideeffect " xaddq $0, $1;", "=r,=*m,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64 %112, i64* %115) #6, !srcloc !18 %117 = add i64 %116, %112 %118 = and i64 %117, 1048575 %119 = sub i64 %118, %112 %120 = icmp eq i64 %119, 0 br i1 %120, label %121, label %127 %122 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %123 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %122, i64 0, i32 11 %124 = load i8, i8* %123, align 8, !range !15 %125 = icmp eq i8 %124, 0 br i1 %125, label %126, label %127 store i64 0, i64* %75, align 8 br label %127 %128 = icmp ugt i64 %118, 4080 br i1 %128, label %129, label %131, !prof !16, !misexpect !9 %132 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 5 %133 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %134 = and i64 %119, 4294967295 %135 = getelementptr %struct.buffer_data_page, %struct.buffer_data_page* %133, i64 0, i32 2, i64 %134 %136 = bitcast i8* %135 to %struct.ring_buffer_event* %137 = load i64, i64* %75, align 8 %138 = ptrtoint i8* %135 to i64 %139 = and i64 %138, -4096 %140 = load %struct.buffer_page*, %struct.buffer_page** %84, align 8 %141 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %140, i64 0, i32 5 %142 = load %struct.buffer_data_page*, %struct.buffer_data_page** %141, align 8 %143 = inttoptr i64 %139 to %struct.buffer_data_page* %144 = icmp eq %struct.buffer_data_page* %142, %143 br i1 %144, label %145, label %154 %146 = trunc i64 %138 to i32 %147 = and i32 %146, 4095 %148 = add nsw i32 %147, -16 %149 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %142, i64 0, i32 1, i32 0, i32 0 %150 = load volatile i64, i64* %149, align 8 %151 = trunc i64 %150 to i32 %152 = icmp eq i32 %148, %151 %153 = select i1 %152, i64 %137, i64 0 br label %154 %155 = phi i64 [ 0, %131 ], [ %153, %145 ] br i1 %107, label %164, label %156, !prof !8, !misexpect !9 %157 = load %struct.ring_buffer*, %struct.ring_buffer** %76, align 8 %158 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %157, i64 0, i32 11 %159 = load i8, i8* %158, align 8, !range !15 %160 = icmp ne i8 %159, 0 %161 = select i1 %160, i64 %137, i64 %155 %162 = tail call fastcc %struct.ring_buffer_event* @rb_add_time_stamp(%struct.ring_buffer_event* %136, i64 %161, i1 zeroext %160) #69 %163 = add i64 %112, -8 br label %164 %165 = phi i64 [ %163, %156 ], [ %112, %154 ] %166 = phi i64 [ 0, %156 ], [ %155, %154 ] %167 = phi %struct.ring_buffer_event* [ %162, %156 ], [ %136, %154 ] %168 = trunc i64 %166 to i32 %169 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %167, i64 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = shl i32 %168, 5 %172 = and i32 %170, 31 %173 = or i32 %172, %171 store i32 %173, i32* %169, align 4 %174 = trunc i64 %165 to i32 %175 = add i32 %174, -4 %176 = icmp ugt i32 %175, 112 br i1 %176, label %177, label %179 %180 = add nuw nsw i32 %174, 127 %181 = lshr i32 %180, 2 %182 = and i32 %181, 31 %183 = or i32 %182, %171 store i32 %183, i32* %169, align 4 br label %184 %185 = getelementptr inbounds %struct.buffer_page, %struct.buffer_page* %114, i64 0, i32 3, i32 0, i32 0 tail call void asm sideeffect " incq $0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %185, i64* %185) #6, !srcloc !10 br i1 %120, label %186, label %190 %187 = load i64, i64* %78, align 8 %188 = load %struct.buffer_data_page*, %struct.buffer_data_page** %132, align 8 %189 = getelementptr inbounds %struct.buffer_data_page, %struct.buffer_data_page* %188, i64 0, i32 0 store i64 %187, i64* %189, align 8 br label %190 tail call void asm sideeffect " addq $1,$0", "=*m,ir,*m,~{dirflag},~{fpsr},~{flags}"(i64* %85, i64 %112, i64* %85) #6, !srcloc !19 br label %191 %192 = phi %struct.ring_buffer_event* [ %130, %129 ], [ %136, %190 ] %193 = ptrtoint %struct.ring_buffer_event* %192 to i64 switch i64 %193, label %322 [ i64 -11, label %194 i64 0, label %201 ], !prof !20 %323 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 0, i32 0 %324 = load i32, i32* %323, align 4 %325 = and i32 %324, 30 %326 = icmp eq i32 %325, 30 %327 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %192, i64 2 %328 = select i1 %326, %struct.ring_buffer_event* %327, %struct.ring_buffer_event* %192 %329 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 0 %330 = load i32, i32* %329, align 4 %331 = and i32 %330, 31 %332 = icmp ugt i32 %331, 28 br i1 %332, label %333, label %334, !prof !16, !misexpect !9 %335 = icmp eq i32 %331, 0 %336 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 0 %337 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %328, i64 0, i32 1, i64 1 %338 = select i1 %335, i32* %337, i32* %336 %339 = bitcast i32* %338 to i8* tail call fastcc void @rb_commit(%struct.ring_buffer_per_cpu* %20, %struct.ring_buffer_event* nonnull %192) #70 %340 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 3 %341 = load i8, i8* %340, align 8, !range !15 %342 = icmp eq i8 %341, 0 br i1 %342, label %346, label %343 store i8 0, i8* %340, align 8 %344 = getelementptr inbounds %struct.ring_buffer, %struct.ring_buffer* %0, i64 0, i32 10, i32 0 %345 = tail call zeroext i1 @irq_work_queue(%struct.irq_work* %344) #69 Function:irq_work_queue %2 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, -2 %5 = or i64 %3, 3 %6 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %5, i64 %4, i64* %2) #6, !srcloc !4 %7 = icmp eq i64 %6, %4 br i1 %7, label %16, label %8 %9 = phi i64 [ %14, %12 ], [ %6, %1 ] %10 = and i64 %9, 1 %11 = icmp eq i64 %10, 0 br i1 %11, label %12, label %34 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %13 = or i64 %9, 3 %14 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %2, i64 %13, i64 %9, i64* %2) #6, !srcloc !4 %15 = icmp eq i64 %14, %9 br i1 %15, label %16, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %17 = load i64, i64* %2, align 8 %18 = and i64 %17, 4 %19 = icmp eq i64 %18, 0 %20 = getelementptr inbounds %struct.irq_work, %struct.irq_work* %0, i64 0, i32 1 br i1 %19, label %28, label %21 %29 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.llist_node* nonnull @raised_list) #6, !srcloc !8 %30 = inttoptr i64 %29 to %struct.llist_node* %31 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %20, %struct.llist_node* %20, %struct.llist_node* %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 ksys_dup 2 __ia32_sys_dup ------------- Path:  Function:__ia32_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i32 @ksys_dup(i32 %4) #69 Function:ksys_dup %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable* %9 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %58, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %16, i64 0, i32 1 %18 = load %struct.file.43183**, %struct.file.43183*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.43183*, %struct.file.43183** %18, i64 %23 %25 = bitcast %struct.file.43183** %24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.43183* %28 = icmp eq i64 %26, 0 br i1 %28, label %58, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable* %46 = icmp eq %struct.fdtable* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.43183* %50 = icmp eq %struct.file.43183* %49, %27 br i1 %50, label %59, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 ksys_dup 2 __x64_sys_dup ------------- Path:  Function:__x64_sys_dup %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i32 @ksys_dup(i32 %4) #69 Function:ksys_dup %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable* %9 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %58, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %16, i64 0, i32 1 %18 = load %struct.file.43183**, %struct.file.43183*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.43183*, %struct.file.43183** %18, i64 %23 %25 = bitcast %struct.file.43183** %24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.43183* %28 = icmp eq i64 %26, 0 br i1 %28, label %58, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable* %46 = icmp eq %struct.fdtable* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.43183* %50 = icmp eq %struct.file.43183* %49, %27 br i1 %50, label %59, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 kcompat_sys_fstatfs64 3 __ia32_compat_sys_fstatfs64 ------------- Path:  Function:__ia32_compat_sys_fstatfs64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to %struct.compat_statfs64* %12 = tail call i32 @kcompat_sys_fstatfs64(i32 %9, i32 %10, %struct.compat_statfs64* %11) #69 Function:kcompat_sys_fstatfs64 %4 = alloca %struct.compat_statfs64, align 4 %5 = alloca %struct.kstatfs, align 8 %6 = bitcast %struct.kstatfs* %5 to i8* %7 = icmp eq i32 %1, 84 br i1 %7, label %8, label %75 %9 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_compat_sys_fstatfs ------------- Path:  Function:__ia32_compat_sys_fstatfs %2 = alloca %struct.compat_statfs, align 4 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstatfs64 ------------- Path:  Function:__ia32_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = bitcast %struct.kstatfs* %3 to i8* %13 = icmp eq i64 %8, 120 br i1 %13, label %14, label %37 %15 = trunc i64 %5 to i32 %16 = tail call i64 @__fdget_raw(i32 %15) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstatfs64 ------------- Path:  Function:__x64_sys_fstatfs64 %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = bitcast %struct.kstatfs* %3 to i8* %12 = icmp eq i64 %7, 120 br i1 %12, label %13, label %35 %14 = trunc i64 %5 to i32 %15 = tail call i64 @__fdget_raw(i32 %14) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstatfs ------------- Path:  Function:__ia32_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstatfs ------------- Path:  Function:__x64_sys_fstatfs %2 = alloca %struct.kstatfs, align 8 %3 = alloca %struct.kstatfs, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = trunc i64 %5 to i32 %10 = bitcast %struct.kstatfs* %3 to i8* %11 = tail call i64 @__fdget_raw(i32 %9) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fchdir ------------- Path:  Function:__x64_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fchdir ------------- Path:  Function:__ia32_sys_fchdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 vfs_statx_fd 3 __ia32_compat_sys_x86_fstat64 ------------- Path:  Function:__ia32_compat_sys_x86_fstat64 %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kstat* %2 to i8* %9 = call i32 @vfs_statx_fd(i32 %7, %struct.kstat* nonnull %2, i32 2047, i32 0) #69 Function:vfs_statx_fd %5 = and i32 %3, -24577 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %18 %8 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __x64_sys_fstat ------------- Path:  Function:__x64_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.__old_kernel_stat** %7 = load %struct.__old_kernel_stat*, %struct.__old_kernel_stat** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kstat* %2 to i8* %10 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_sys_fstat ------------- Path:  Function:__ia32_sys_fstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.__old_kernel_stat* %10 = bitcast %struct.kstat* %2 to i8* %11 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_newfstat 3 __ia32_sys_newfstat ------------- Path:  Function:__ia32_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_newfstat(i64 %4, i64 %7) #69 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i64 @__fdget_raw(i32 %5) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_newfstat 3 __x64_sys_newfstat ------------- Path:  Function:__x64_sys_newfstat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_newfstat(i64 %3, i64 %5) #69 Function:__se_sys_newfstat %3 = alloca %struct.stat, align 8 %4 = alloca %struct.kstat, align 8 %5 = trunc i64 %0 to i32 %6 = bitcast %struct.kstat* %4 to i8* %7 = tail call i64 @__fdget_raw(i32 %5) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __ia32_compat_sys_newfstat ------------- Path:  Function:__ia32_compat_sys_newfstat %2 = alloca %struct.kstat, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_stat* %10 = bitcast %struct.kstat* %2 to i8* %11 = tail call i64 @__fdget_raw(i32 %8) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_fcntl 3 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 __se_sys_fcntl 3 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 do_compat_fcntl64 3 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fdget_raw 2 do_compat_fcntl64 3 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 Function:__fdget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %28 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %29 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %30 = bitcast %struct.fdtable** %29 to i64* %31 = load volatile i64, i64* %30, align 8 %32 = inttoptr i64 %31 to %struct.fdtable* %33 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %32, i64 0, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp ugt i32 %34, %0 br i1 %35, label %36, label %82, !prof !7, !misexpect !8 %37 = zext i32 %0 to i64 br label %38 %39 = phi i32 [ %34, %36 ], [ %80, %76 ] %40 = phi %struct.fdtable* [ %32, %36 ], [ %78, %76 ] %41 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %40, i64 0, i32 1 %42 = load %struct.file.43183**, %struct.file.43183*** %41, align 8 %43 = zext i32 %39 to i64 %44 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %43, i64 %37) #6, !srcloc !5 %45 = trunc i64 %44 to i32 %46 = and i32 %45, %0 %47 = zext i32 %46 to i64 %48 = getelementptr %struct.file.43183*, %struct.file.43183** %42, i64 %47 %49 = bitcast %struct.file.43183** %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = inttoptr i64 %50 to %struct.file.43183* %52 = icmp eq i64 %50, 0 br i1 %52, label %82, label %53, !prof !9, !misexpect !8 %54 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %51, i64 0, i32 6, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = icmp eq i64 %55, 0 br i1 %56, label %76, label %57, !prof !9, !misexpect !8 %58 = phi i64 [ %65, %64 ], [ %55, %53 ] %59 = add i64 %58, 1 %60 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %54, i64 %59, i64* %54, i64 %58) #6, !srcloc !10 %61 = extractvalue { i8, i64 } %60, 0 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %64, label %67, !prof !9, !misexpect !8 %68 = load volatile i64, i64* %30, align 8 %69 = inttoptr i64 %68 to %struct.fdtable* %70 = icmp eq %struct.fdtable* %40, %69 br i1 %70, label %71, label %75, !prof !7, !misexpect !8 %72 = load volatile i64, i64* %49, align 8 %73 = inttoptr i64 %72 to %struct.file.43183* %74 = icmp eq %struct.file.43183* %73, %51 br i1 %74, label %83, label %75, !prof !7, !misexpect !8 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %51, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __x64_sys_lseek ------------- Path:  Function:__x64_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_sys_lseek ------------- Path:  Function:__ia32_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_lseek ------------- Path:  Function:__ia32_compat_sys_lseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %7 to i32 %10 = shl i64 %5, 32 %11 = ashr exact i64 %10, 32 %12 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_llseek 4 __ia32_sys_llseek ------------- Path:  Function:__ia32_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_llseek(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_llseek 4 __x64_sys_llseek ------------- Path:  Function:__x64_sys_llseek %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_llseek(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_llseek %6 = alloca i64, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %4 to i32 %9 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_read 4 __ia32_sys_read ------------- Path:  Function:__ia32_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_read(i32 %10, i8* %11, i64 %9) #69 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_read 4 __x64_sys_read ------------- Path:  Function:__x64_sys_read %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_read(i32 %9, i8* %6, i64 %8) #69 Function:ksys_read %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_write 4 __ia32_sys_write ------------- Path:  Function:__ia32_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @ksys_write(i32 %10, i8* %11, i64 %9) #69 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_write 4 __x64_sys_write ------------- Path:  Function:__x64_sys_write %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @ksys_write(i32 %9, i8* %6, i64 %8) #69 Function:ksys_write %4 = alloca i64, align 8 %5 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __x64_sys_preadv2 ------------- Path:  Function:__x64_sys_preadv2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __ia32_sys_readv ------------- Path:  Function:__ia32_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_readv(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_readv 4 __x64_sys_readv ------------- Path:  Function:__x64_sys_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_readv(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #69 Function:do_readv %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __x64_sys_pwritev2 ------------- Path:  Function:__x64_sys_pwritev2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %12 to i32 %14 = icmp eq i64 %10, -1 br i1 %14, label %15, label %17 %16 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 %13) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __ia32_sys_writev ------------- Path:  Function:__ia32_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = inttoptr i64 %7 to %struct.iovec* %12 = tail call fastcc i64 @do_writev(i64 %4, %struct.iovec* %11, i64 %10, i32 0) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 do_writev 4 __x64_sys_writev ------------- Path:  Function:__x64_sys_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.iovec** %6 = load %struct.iovec*, %struct.iovec** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = tail call fastcc i64 @do_writev(i64 %3, %struct.iovec* %6, i64 %8, i32 0) #69 Function:do_writev %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_readv ------------- Path:  Function:__ia32_compat_sys_readv %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %7 to i32 %13 = tail call i64 @__fdget_pos(i32 %12) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = trunc i64 %11 to i32 %25 = inttoptr i64 %14 to %struct.util_est* %26 = trunc i64 %16 to i32 %27 = trunc i64 %23 to i32 %28 = shl i64 %21, 32 %29 = or i64 %28, %19 %30 = icmp eq i64 %29, -1 br i1 %30, label %31, label %76 %32 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_writev ------------- Path:  Function:__ia32_compat_sys_writev %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget_pos(i32 %9) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %8 to %struct.util_est* %21 = trunc i64 %18 to i32 %22 = shl i64 %16, 32 %23 = or i64 %22, %14 %24 = icmp eq i64 %23, -1 br i1 %24, label %25, label %49 %26 = tail call i64 @__fdget_pos(i32 %19) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __x64_sys_old_readdir ------------- Path:  Function:__x64_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = tail call i64 @__fdget_pos(i32 %7) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_sys_old_readdir ------------- Path:  Function:__ia32_sys_old_readdir %2 = alloca %struct.readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_getdents 4 __ia32_sys_getdents ------------- Path:  Function:__ia32_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_getdents(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = inttoptr i64 %1 to %struct.old_linux_dirent* %6 = trunc i64 %2 to i32 %7 = bitcast %struct.getdents_callback* %4 to i8* %8 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %5, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %6, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = and i64 %2, 4294967295 %16 = tail call %struct.task_struct.135557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = add i64 %15, %1 %20 = icmp ult i64 %19, %15 %21 = icmp ugt i64 %19, %18 %22 = or i1 %20, %21 br i1 %22, label %63, label %23, !prof !5, !misexpect !6 %24 = trunc i64 %0 to i32 %25 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __se_sys_getdents 4 __x64_sys_getdents ------------- Path:  Function:__x64_sys_getdents %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_getdents(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_getdents %4 = alloca %struct.getdents_callback, align 8 %5 = inttoptr i64 %1 to %struct.old_linux_dirent* %6 = trunc i64 %2 to i32 %7 = bitcast %struct.getdents_callback* %4 to i8* %8 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0 %9 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 0, i32 1 store i64 0, i64* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 1 store %struct.old_linux_dirent* %5, %struct.old_linux_dirent** %11, align 8 %12 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 2 store i32 0, i32* %12, align 8 %13 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 3 store i32 %6, i32* %13, align 4 %14 = getelementptr inbounds %struct.getdents_callback, %struct.getdents_callback* %4, i64 0, i32 4 store i32 0, i32* %14, align 8 %15 = and i64 %2, 4294967295 %16 = tail call %struct.task_struct.135557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %16, i64 0, i32 163, i32 17, i32 0 %18 = load i64, i64* %17, align 8 %19 = add i64 %15, %1 %20 = icmp ult i64 %19, %15 %21 = icmp ugt i64 %19, %18 %22 = or i1 %20, %21 br i1 %22, label %63, label %23, !prof !5, !misexpect !6 %24 = trunc i64 %0 to i32 %25 = tail call i64 @__fdget_pos(i32 %24) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_getdents64 4 __ia32_sys_getdents64 ------------- Path:  Function:__ia32_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.linux_dirent64* %11 = trunc i64 %8 to i32 %12 = tail call i32 @ksys_getdents64(i32 %9, %struct.linux_dirent64* %10, i32 %11) #69 Function:ksys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = bitcast %struct.getdents_callback64* %4 to i8* %6 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0 %7 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %8 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %1, %struct.linux_dirent64** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %2, i32* %11, align 4 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %12, align 8 %13 = zext i32 %2 to i64 %14 = tail call %struct.task_struct.135557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %14, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = ptrtoint %struct.linux_dirent64* %1 to i64 %18 = add i64 %13, %17 %19 = icmp ult i64 %18, %13 %20 = icmp ugt i64 %18, %16 %21 = or i1 %19, %20 br i1 %21, label %57, label %22, !prof !5, !misexpect !6 %23 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 ksys_getdents64 4 __x64_sys_getdents64 ------------- Path:  Function:__x64_sys_getdents64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.linux_dirent64** %6 = load %struct.linux_dirent64*, %struct.linux_dirent64** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @ksys_getdents64(i32 %9, %struct.linux_dirent64* %6, i32 %10) #69 Function:ksys_getdents64 %4 = alloca %struct.getdents_callback64, align 8 %5 = bitcast %struct.getdents_callback64* %4 to i8* %6 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0 %7 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @filldir64, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %8 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 0, i32 1 store i64 0, i64* %8, align 8 %9 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 1 store %struct.linux_dirent64* %1, %struct.linux_dirent64** %9, align 8 %10 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 2 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 3 store i32 %2, i32* %11, align 4 %12 = getelementptr inbounds %struct.getdents_callback64, %struct.getdents_callback64* %4, i64 0, i32 4 store i32 0, i32* %12, align 8 %13 = zext i32 %2 to i64 %14 = tail call %struct.task_struct.135557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %14, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = ptrtoint %struct.linux_dirent64* %1 to i64 %18 = add i64 %13, %17 %19 = icmp ult i64 %18, %13 %20 = icmp ugt i64 %18, %16 %21 = or i1 %19, %20 br i1 %21, label %57, label %22, !prof !5, !misexpect !6 %23 = tail call i64 @__fdget_pos(i32 %0) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_old_readdir ------------- Path:  Function:__ia32_compat_sys_old_readdir %2 = alloca %struct.compat_readdir_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %10 = tail call i64 @__fdget_pos(i32 %8) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 __fdget_pos 3 __ia32_compat_sys_getdents ------------- Path:  Function:__ia32_compat_sys_getdents %2 = alloca %struct.compat_getdents_callback, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = inttoptr i64 %7 to %struct.compat_old_linux_dirent* %11 = trunc i64 %9 to i32 %12 = bitcast %struct.compat_getdents_callback* %2 to i8* %13 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0 %14 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 0 store i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)* @compat_filldir, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %14, align 8 %15 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 0, i32 1 store i64 0, i64* %15, align 8 %16 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 1 store %struct.compat_old_linux_dirent* %10, %struct.compat_old_linux_dirent** %16, align 8 %17 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 2 store %struct.compat_old_linux_dirent* null, %struct.compat_old_linux_dirent** %17, align 8 %18 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 3 store i32 %11, i32* %18, align 8 %19 = getelementptr inbounds %struct.compat_getdents_callback, %struct.compat_getdents_callback* %2, i64 0, i32 4 store i32 0, i32* %19, align 4 %20 = tail call %struct.task_struct.135557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135557**)) #10, !srcloc !4 %21 = getelementptr inbounds %struct.task_struct.135557, %struct.task_struct.135557* %20, i64 0, i32 163, i32 17, i32 0 %22 = load i64, i64* %21, align 8 %23 = and i64 %9, 4294967295 %24 = add nuw nsw i64 %23, %7 %25 = icmp ugt i64 %24, %22 br i1 %25, label %60, label %26, !prof !5, !misexpect !6 %27 = trunc i64 %4 to i32 %28 = tail call i64 @__fdget_pos(i32 %27) #69 Function:__fdget_pos %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %36 %37 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap_pgoff ------------- Path:  Function:__ia32_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call i64 @ksys_mmap_pgoff(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.112786* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.112786* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap_pgoff ------------- Path:  Function:__x64_sys_mmap_pgoff %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call i64 @ksys_mmap_pgoff(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.112786* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.112786* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __x64_sys_mmap ------------- Path:  Function:__x64_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %19 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = lshr i64 %3, 12 %18 = tail call i64 @ksys_mmap_pgoff(i64 %16, i64 %14, i64 %12, i64 %10, i64 %8, i64 %17) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.112786* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.112786* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_sys_mmap ------------- Path:  Function:__ia32_sys_mmap %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4095 %5 = icmp eq i64 %4, 0 br i1 %5, label %6, label %25 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %20 = load i64, i64* %19, align 8 %21 = and i64 %20, 4294967295 %22 = lshr i64 %3, 12 %23 = and i64 %22, 1048575 %24 = tail call i64 @ksys_mmap_pgoff(i64 %21, i64 %18, i64 %15, i64 %12, i64 %9, i64 %23) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.112786* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.112786* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 ksys_mmap_pgoff 4 __ia32_compat_sys_x86_mmap ------------- Path:  Function:__ia32_compat_sys_x86_mmap %2 = alloca %struct.mmap_arg_struct32, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.mmap_arg_struct32* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 24) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %34 %11 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 5 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 4095 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %34 %16 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = zext i32 %17 to i64 %19 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 1 %20 = load i32, i32* %19, align 4 %21 = zext i32 %20 to i64 %22 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 2 %23 = load i32, i32* %22, align 4 %24 = zext i32 %23 to i64 %25 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 3 %26 = load i32, i32* %25, align 4 %27 = zext i32 %26 to i64 %28 = getelementptr inbounds %struct.mmap_arg_struct32, %struct.mmap_arg_struct32* %2, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = zext i32 %29 to i64 %31 = lshr i32 %12, 12 %32 = zext i32 %31 to i64 %33 = call i64 @ksys_mmap_pgoff(i64 %18, i64 %21, i64 %24, i64 %27, i64 %30, i64 %32) #69 Function:ksys_mmap_pgoff %7 = alloca %struct.user_struct*, align 8 %8 = and i64 %3, 32 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %58 %11 = trunc i64 %4 to i32 %12 = trunc i64 %3 to i32 %13 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %23 = tail call %struct.file.112786* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.112786* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 proc_ns_fget 4 __se_sys_setns 5 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !4 %6 = tail call %struct.file.49837* bitcast (%struct.file.143576* (i32)* @proc_ns_fget to %struct.file.49837* (i32)*)(i32 %3) #69 Function:proc_ns_fget %2 = tail call %struct.file.143576* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.143576* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 proc_ns_fget 4 __se_sys_setns 5 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !4 %6 = tail call %struct.file.49837* bitcast (%struct.file.143576* (i32)* @proc_ns_fget to %struct.file.49837* (i32)*)(i32 %3) #69 Function:proc_ns_fget %2 = tail call %struct.file.143576* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.143576* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 __se_sys_fsconfig 4 __ia32_sys_fsconfig ------------- Path:  Function:__ia32_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsconfig(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %137 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 6, i8* %137, align 8 %138 = tail call %struct.file.138748* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.138748* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 __se_sys_fsconfig 4 __x64_sys_fsconfig ------------- Path:  Function:__x64_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsconfig(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %137 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 6, i8* %137, align 8 %138 = tail call %struct.file.138748* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.138748* (i32)*)(i32 %11) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_getsockopt 5 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %207 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %208 = load i32, i32* %207, align 8 %209 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %210 = load i32, i32* %209, align 4 %211 = zext i32 %210 to i64 %212 = inttoptr i64 %211 to i8* %213 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %214 = load i32, i32* %213, align 16 %215 = zext i32 %214 to i64 %216 = inttoptr i64 %215 to i32* %217 = call fastcc i32 @__compat_sys_getsockopt(i32 %89, i32 %91, i32 %208, i8* %212, i32* %216) #69 Function:__compat_sys_getsockopt %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* %8 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %6) #69 Function:sockfd_lookup %3 = tail call %struct.file.250940* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.250940* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_getsockopt 5 __ia32_compat_sys_getsockopt ------------- Path:  Function:__ia32_compat_sys_getsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = inttoptr i64 %10 to i8* %18 = inttoptr i64 %13 to i32* %19 = tail call fastcc i32 @__compat_sys_getsockopt(i32 %14, i32 %15, i32 %16, i8* %17, i32* %18) #69 Function:__compat_sys_getsockopt %6 = alloca i32, align 4 %7 = bitcast i32* %6 to i8* %8 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %6) #69 Function:sockfd_lookup %3 = tail call %struct.file.250940* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.250940* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 __fget 2 fget 3 sockfd_lookup 4 __compat_sys_setsockopt 5 __ia32_compat_sys_setsockopt ------------- Path:  Function:__ia32_compat_sys_setsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %10 to i8* %17 = trunc i64 %12 to i32 %18 = tail call fastcc i32 @__compat_sys_setsockopt(i32 %13, i32 %14, i32 %15, i8* %16, i32 %17) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.compat_sock_fprog, align 4 %7 = alloca %struct.sock_fprog_kern, align 8 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = icmp slt i32 %4, 0 br i1 %10, label %69, label %11 %12 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 Function:sockfd_lookup %3 = tail call %struct.file.250940* bitcast (%struct.file.43183* (i32)* @fget to %struct.file.250940* (i32)*)(i32 %0) #69 Function:fget %2 = tail call fastcc %struct.file.43183* @__fget(i32 %0, i32 16384, i32 1) #69 Function:__fget %4 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %4, i64 0, i32 85 %6 = load %struct.files_struct*, %struct.files_struct** %5, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %7 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %6, i64 0, i32 3 %8 = bitcast %struct.fdtable** %7 to i64* %9 = load volatile i64, i64* %8, align 8 %10 = inttoptr i64 %9 to %struct.fdtable* %11 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %10, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = icmp ugt i32 %12, %0 br i1 %13, label %14, label %68, !prof !6, !misexpect !7 %15 = zext i32 %0 to i64 %16 = zext i32 %2 to i64 br label %17 %18 = phi i32 [ %12, %14 ], [ %64, %60 ] %19 = phi %struct.fdtable* [ %10, %14 ], [ %62, %60 ] %20 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %19, i64 0, i32 1 %21 = load %struct.file.43183**, %struct.file.43183*** %20, align 8 %22 = zext i32 %18 to i64 %23 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %22, i64 %15) #6, !srcloc !8 %24 = trunc i64 %23 to i32 %25 = and i32 %24, %0 %26 = zext i32 %25 to i64 %27 = getelementptr %struct.file.43183*, %struct.file.43183** %21, i64 %26 %28 = bitcast %struct.file.43183** %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.file.43183* %31 = icmp eq i64 %29, 0 br i1 %31, label %68, label %32, !prof !9, !misexpect !7 %33 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 8 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, %1 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %68, !prof !6, !misexpect !7 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %30, i64 0, i32 6, i32 0 %39 = load volatile i64, i64* %38, align 8 %40 = icmp eq i64 %39, 0 br i1 %40, label %60, label %41, !prof !9, !misexpect !7 %42 = phi i64 [ %49, %48 ], [ %39, %37 ] %43 = add i64 %42, %16 %44 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %38, i64 %43, i64* %38, i64 %42) #6, !srcloc !10 %45 = extractvalue { i8, i64 } %44, 0 %46 = and i8 %45, 1 %47 = icmp eq i8 %46, 0 br i1 %47, label %48, label %51, !prof !9, !misexpect !7 %52 = load volatile i64, i64* %8, align 8 %53 = inttoptr i64 %52 to %struct.fdtable* %54 = icmp eq %struct.fdtable* %19, %53 br i1 %54, label %55, label %59, !prof !6, !misexpect !7 %56 = load volatile i64, i64* %28, align 8 %57 = inttoptr i64 %56 to %struct.file.43183* %58 = icmp eq %struct.file.43183* %57, %30 br i1 %58, label %66, label %59, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %30, i32 %2) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Use: =BAD PATH= Call Stack: 0 fput_many 1 fget_raw 2 __scm_send 3 netlink_sendmsg ------------- Path:  Function:netlink_sendmsg %4 = alloca %struct.scm_cookie.676973, align 8 %5 = getelementptr inbounds %struct.socket.245445, %struct.socket.245445* %0, i64 0, i32 4 %6 = load %struct.sock.245448*, %struct.sock.245448** %5, align 8 %7 = bitcast %struct.sock.245448* %6 to %struct.netlink_sock* %8 = bitcast %struct.msghdr.245416* %1 to %struct.sctphdr** %9 = load %struct.sctphdr*, %struct.sctphdr** %8, align 8 %10 = bitcast %struct.scm_cookie.676973* %4 to i8* %11 = getelementptr inbounds %struct.msghdr.245416, %struct.msghdr.245416* %1, i64 0, i32 5 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %191 %16 = icmp eq i64 %2, 0 br i1 %16, label %17, label %21 %22 = getelementptr inbounds %struct.scm_cookie.676973, %struct.scm_cookie.676973* %4, i64 0, i32 2, i32 1, i32 0 store i32 -1, i32* %22, align 4 %23 = getelementptr inbounds %struct.scm_cookie.676973, %struct.scm_cookie.676973* %4, i64 0, i32 2, i32 2, i32 0 store i32 -1, i32* %23, align 8 %24 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %24, i64 0, i32 87 %26 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %25, align 8 %27 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %26, i64 0, i32 21, i64 1 %28 = load %struct.pid.245407*, %struct.pid.245407** %27, align 8 %29 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %24, i64 0, i32 78 %30 = load %struct.cred*, %struct.cred** %29, align 64 %31 = getelementptr inbounds %struct.cred, %struct.cred* %30, i64 0, i32 1, i32 0 %32 = load i32, i32* %31, align 4 %33 = getelementptr inbounds %struct.cred, %struct.cred* %30, i64 0, i32 2, i32 0 %34 = load i32, i32* %33, align 8 %35 = icmp eq %struct.pid.245407* %28, null br i1 %35, label %47, label %36 %37 = getelementptr inbounds %struct.pid.245407, %struct.pid.245407* %28, i64 0, i32 0 %38 = getelementptr inbounds %struct.pid.245407, %struct.pid.245407* %28, i64 0, i32 0, i32 0, i32 0 %39 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %38, i32 1, i32* %38) #6, !srcloc !5 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %42, !prof !6, !misexpect !7 %43 = add i32 %39, 1 %44 = or i32 %43, %39 %45 = icmp sgt i32 %44, -1 br i1 %45, label %47, label %46, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* %37, i32 1) #70 br label %47 %48 = getelementptr inbounds %struct.scm_cookie.676973, %struct.scm_cookie.676973* %4, i64 0, i32 0 store %struct.pid.245407* %28, %struct.pid.245407** %48, align 8 %49 = tail call i32 bitcast (i32 (%struct.pid.49683*)* @pid_vnr to i32 (%struct.pid.245407*)*)(%struct.pid.245407* %28) #70 %50 = getelementptr inbounds %struct.scm_cookie.676973, %struct.scm_cookie.676973* %4, i64 0, i32 2, i32 0 store i32 %49, i32* %50, align 8 store i32 %32, i32* %22, align 4 store i32 %34, i32* %23, align 8 %51 = getelementptr inbounds %struct.scm_cookie.676973, %struct.scm_cookie.676973* %4, i64 0, i32 3 %52 = call i32 bitcast (i32 (%struct.socket*, %struct.sk_buff*, i32*)* @security_socket_getpeersec_dgram to i32 (%struct.socket.245445*, %struct.sk_buff.245212*, i32*)*)(%struct.socket.245445* %0, %struct.sk_buff.245212* null, i32* %51) #70 %53 = getelementptr inbounds %struct.msghdr.245416, %struct.msghdr.245416* %1, i64 0, i32 4 %54 = load i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %59, label %56 %57 = call i32 bitcast (i32 (%struct.socket.250973*, %struct.msghdr.250942*, %struct.scm_cookie*)* @__scm_send to i32 (%struct.socket.245445*, %struct.msghdr.245416*, %struct.scm_cookie.676973*)*)(%struct.socket.245445* %0, %struct.msghdr.245416* %1, %struct.scm_cookie.676973* nonnull %4) #70 Function:__scm_send %4 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %5 = load i64, i64* %4, align 8 %6 = icmp ugt i64 %5, 15 br i1 %6, label %7, label %207 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 3 %9 = bitcast i8** %8 to %struct.arch_uprobe_task** %10 = load %struct.arch_uprobe_task*, %struct.arch_uprobe_task** %9, align 8 %11 = icmp eq %struct.arch_uprobe_task* %10, null br i1 %11, label %207, label %12 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 3 %14 = bitcast i8** %13 to i64* %15 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 0 %16 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 0 %17 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 1, i32 0 %18 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 2, i32 2, i32 0 %19 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 5 %20 = getelementptr inbounds %struct.scm_cookie, %struct.scm_cookie* %2, i64 0, i32 1 %21 = bitcast %struct.scm_fp_list** %20 to i8** br label %22 %23 = phi i64 [ %5, %12 ], [ %194, %192 ] %24 = phi %struct.arch_uprobe_task* [ %10, %12 ], [ %205, %192 ] %25 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 0 %26 = load i64, i64* %25, align 8 %27 = icmp ugt i64 %26, 15 br i1 %27, label %28, label %219 %29 = load i64, i64* %14, align 8 %30 = ptrtoint %struct.arch_uprobe_task* %24 to i64 %31 = sub i64 %23, %30 %32 = add i64 %31, %29 %33 = icmp ugt i64 %26, %32 br i1 %33, label %219, label %34 %35 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 1 %36 = load i32, i32* %35, align 8 %37 = icmp eq i32 %36, 1 br i1 %37, label %38, label %192 %39 = getelementptr inbounds %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 0, i32 2 %40 = load i32, i32* %39, align 4 switch i32 %40, label %219 [ i32 1, label %41 i32 2, label %123 ] %42 = load %struct.proto_ops.250972*, %struct.proto_ops.250972** %19, align 32 %43 = icmp eq %struct.proto_ops.250972* %42, null br i1 %43, label %219, label %44 %45 = getelementptr inbounds %struct.proto_ops.250972, %struct.proto_ops.250972* %42, i64 0, i32 0 %46 = load i32, i32* %45, align 8 %47 = icmp eq i32 %46, 1 br i1 %47, label %48, label %219 %49 = getelementptr %struct.arch_uprobe_task, %struct.arch_uprobe_task* %24, i64 1 %50 = bitcast %struct.arch_uprobe_task* %49 to i32* %51 = load %struct.scm_fp_list*, %struct.scm_fp_list** %20, align 8 %52 = add i64 %26, 17179869168 %53 = lshr i64 %52, 2 %54 = trunc i64 %53 to i32 %55 = icmp slt i32 %54, 1 br i1 %55, label %192, label %56 %57 = icmp sgt i32 %54, 253 br i1 %57, label %219, label %58 %59 = icmp eq %struct.scm_fp_list* %51, null br i1 %59, label %60, label %71 %61 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 11), align 8 %62 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %61, i32 3264, i64 2040) #69 %63 = icmp eq i8* %62, null br i1 %63, label %219, label %64 %65 = bitcast i8* %62 to %struct.scm_fp_list* store i8* %62, i8** %21, align 8 %66 = bitcast i8* %62 to i16* store i16 0, i16* %66, align 8 %67 = getelementptr inbounds i8, i8* %62, i64 2 %68 = bitcast i8* %67 to i16* store i16 253, i16* %68, align 2 %69 = getelementptr inbounds i8, i8* %62, i64 8 %70 = bitcast i8* %69 to %struct.user_struct** store %struct.user_struct* null, %struct.user_struct** %70, align 8 br label %71 %72 = phi %struct.scm_fp_list* [ %51, %58 ], [ %65, %64 ] %73 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 0 %74 = load i16, i16* %73, align 8 %75 = sext i16 %74 to i32 %76 = add nsw i32 %75, %54 %77 = getelementptr inbounds %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 1 %78 = load i16, i16* %77, align 2 %79 = sext i16 %78 to i32 %80 = icmp sgt i32 %76, %79 br i1 %80, label %219, label %81 %82 = sext i16 %74 to i64 %83 = getelementptr %struct.scm_fp_list, %struct.scm_fp_list* %72, i64 0, i32 3, i64 %82 %84 = and i64 %53, 4294967295 br label %85 %86 = phi i64 [ 0, %81 ], [ %98, %94 ] %87 = phi %struct.file.250940** [ %83, %81 ], [ %95, %94 ] %88 = getelementptr i32, i32* %50, i64 %86 %89 = load i32, i32* %88, align 4 %90 = icmp slt i32 %89, 0 br i1 %90, label %219, label %91 %92 = tail call %struct.file.250940* bitcast (%struct.file.43183* (i32)* @fget_raw to %struct.file.250940* (i32)*)(i32 %89) #69 Function:fget_raw %2 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %2, i64 0, i32 85 %4 = load %struct.files_struct*, %struct.files_struct** %3, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %5 = getelementptr inbounds %struct.files_struct, %struct.files_struct* %4, i64 0, i32 3 %6 = bitcast %struct.fdtable** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.fdtable* %9 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %8, i64 0, i32 0 %10 = load i32, i32* %9, align 8 %11 = icmp ugt i32 %10, %0 br i1 %11, label %12, label %60, !prof !6, !misexpect !7 %13 = zext i32 %0 to i64 br label %14 %15 = phi i32 [ %10, %12 ], [ %56, %52 ] %16 = phi %struct.fdtable* [ %8, %12 ], [ %54, %52 ] %17 = getelementptr inbounds %struct.fdtable, %struct.fdtable* %16, i64 0, i32 1 %18 = load %struct.file.43183**, %struct.file.43183*** %17, align 8 %19 = zext i32 %15 to i64 %20 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %19, i64 %13) #6, !srcloc !8 %21 = trunc i64 %20 to i32 %22 = and i32 %21, %0 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.file.43183*, %struct.file.43183** %18, i64 %23 %25 = bitcast %struct.file.43183** %24 to i64* %26 = load volatile i64, i64* %25, align 8 %27 = inttoptr i64 %26 to %struct.file.43183* %28 = icmp eq i64 %26, 0 br i1 %28, label %60, label %29, !prof !9, !misexpect !7 %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %27, i64 0, i32 6, i32 0 %31 = load volatile i64, i64* %30, align 8 %32 = icmp eq i64 %31, 0 br i1 %32, label %52, label %33, !prof !9, !misexpect !7 %34 = phi i64 [ %41, %40 ], [ %31, %29 ] %35 = add i64 %34, 1 %36 = tail call { i8, i64 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %35, i64* %30, i64 %34) #6, !srcloc !10 %37 = extractvalue { i8, i64 } %36, 0 %38 = and i8 %37, 1 %39 = icmp eq i8 %38, 0 br i1 %39, label %40, label %43, !prof !9, !misexpect !7 %44 = load volatile i64, i64* %6, align 8 %45 = inttoptr i64 %44 to %struct.fdtable* %46 = icmp eq %struct.fdtable* %16, %45 br i1 %46, label %47, label %51, !prof !6, !misexpect !7 %48 = load volatile i64, i64* %25, align 8 %49 = inttoptr i64 %48 to %struct.file.43183* %50 = icmp eq %struct.file.43183* %49, %27 br i1 %50, label %58, label %51, !prof !6, !misexpect !7 tail call void bitcast (void (%struct.file.131664*, i32)* @fput_many to void (%struct.file.43183*, i32)*)(%struct.file.43183* nonnull %27, i32 1) #69 Function:fput_many %3 = zext i32 %1 to i64 %4 = getelementptr inbounds %struct.file.131664, %struct.file.131664* %0, i64 0, i32 6, i32 0 %5 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %4, i64 %3, i64* %4) #6, !srcloc !4 %6 = and i8 %5, 1 %7 = icmp eq i8 %6, 0 br i1 %7, label %29, label %8 %9 = tail call %struct.task_struct.131576* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.131576** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.131576**)) #10, !srcloc !5 %10 = tail call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !6 %11 = and i32 %10, 2096896 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %23, !prof !7 %14 = getelementptr inbounds %struct.task_struct.131576, %struct.task_struct.131576* %9, i64 0, i32 4 %15 = load i32, i32* %14, align 4 %16 = and i32 %15, 2097152 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %23, !prof !7, !misexpect !8 %24 = bitcast %struct.file.131664* %0 to %struct.llist_node* %25 = tail call zeroext i1 @llist_add_batch(%struct.llist_node* %24, %struct.llist_node* %24, %struct.llist_node* nonnull @delayed_fput_list) #69 ------------- Good: 4919 Bad: 280 Ignored: 13002 Check Use of Function:pci_read_config_dword Use: =BAD PATH= Call Stack: 0 cache_disable_1_show ------------- Path:  Function:cache_disable_1_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device.4839, %struct.device.4839* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.290621*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 448, i32* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 amd_get_subcaches 1 subcaches_show ------------- Path:  Function:subcaches_show %4 = getelementptr inbounds %struct.device.4839, %struct.device.4839* %0, i64 0, i32 8 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds i8, i8* %5, i64 32 %7 = bitcast i8* %6 to i64* %8 = tail call i64 @find_first_bit(i64* %7, i64 64) #69 %9 = trunc i64 %8 to i32 %10 = tail call i32 @amd_get_subcaches(i32 %9) #69 Function:amd_get_subcaches %2 = alloca i32, align 4 %3 = tail call zeroext i16 @amd_get_nb_id(i32 %0) #69 %4 = load i16, i16* @amd_northbridges.0, align 8 %5 = icmp ugt i16 %4, %3 %6 = load %struct.amd_northbridge*, %struct.amd_northbridge** @amd_northbridges.2, align 8 %7 = zext i16 %3 to i64 %8 = getelementptr %struct.amd_northbridge, %struct.amd_northbridge* %6, i64 %7 %9 = select i1 %5, %struct.amd_northbridge* %8, %struct.amd_northbridge* null %10 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %9, i64 0, i32 2 %11 = load %struct.pci_dev*, %struct.pci_dev** %10, align 8 %12 = bitcast i32* %2 to i8* %13 = load i64, i64* @amd_northbridges.1, align 8 %14 = and i64 %13, 4 %15 = icmp eq i64 %14, 0 br i1 %15, label %30, label %16 %17 = call i32 bitcast (i32 (%struct.pci_dev.290621*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %11, i32 468, i32* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 cache_disable_0_show ------------- Path:  Function:cache_disable_0_show %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.device.4839, %struct.device.4839* %0, i64 0, i32 8 %6 = bitcast i8** %5 to %struct.cacheinfo** %7 = load %struct.cacheinfo*, %struct.cacheinfo** %6, align 8 %8 = getelementptr inbounds %struct.cacheinfo, %struct.cacheinfo* %7, i64 0, i32 12 %9 = bitcast i8** %8 to %struct.amd_northbridge** %10 = load %struct.amd_northbridge*, %struct.amd_northbridge** %9, align 8 %11 = bitcast i32* %4 to i8* store i32 0, i32* %4, align 4 %12 = getelementptr inbounds %struct.amd_northbridge, %struct.amd_northbridge* %10, i64 0, i32 1 %13 = load %struct.pci_dev*, %struct.pci_dev** %12, align 8 %14 = call i32 bitcast (i32 (%struct.pci_dev.290621*, i32, i32*)* @pci_read_config_dword to i32 (%struct.pci_dev*, i32, i32*)*)(%struct.pci_dev* %13, i32 444, i32* nonnull %4) #69 ------------- Good: 1753 Bad: 3 Ignored: 4520 Check Use of Function:pci_write_config_dword Check Use of Function:i915_gem_context_release Use: =BAD PATH= Call Stack: 0 i915_gem_context_getparam_ioctl ------------- Path:  Function:i915_gem_context_getparam_ioctl %4 = alloca i32, align 4 %5 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %6 = getelementptr inbounds %struct.drm_file.387874, %struct.drm_file.387874* %2, i64 0, i32 17 %7 = bitcast i8** %6 to %struct.drm_i915_file_private.388029** %8 = load %struct.drm_i915_file_private.388029*, %struct.drm_i915_file_private.388029** %7, align 8 %9 = bitcast i8* %1 to i32* %10 = load i32, i32* %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.drm_i915_file_private.388029, %struct.drm_i915_file_private.388029* %8, i64 0, i32 3 %12 = zext i32 %10 to i64 %13 = tail call i8* @idr_find(%struct.idr* %11, i64 %12) #69 %14 = bitcast i8* %13 to %struct.i915_gem_context.388115* %15 = icmp eq i8* %13, null br i1 %15, label %40, label %16 %17 = getelementptr inbounds i8, i8* %13, i64 112 %18 = bitcast i8* %17 to %union.anon.21* %19 = bitcast i8* %17 to i32* %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 0 br i1 %21, label %32, label %22 %23 = phi i32 [ %30, %29 ], [ %20, %16 ] %24 = add i32 %23, 1 %25 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 %24, i32* %19, i32 %23) #6, !srcloc !5 %26 = extractvalue { i8, i32 } %25, 0 %27 = and i8 %26, 1 %28 = icmp eq i8 %27, 0 br i1 %28, label %29, label %32, !prof !6, !misexpect !7 %30 = extractvalue { i8, i32 } %25, 1 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %22 %33 = phi i32 [ 0, %16 ], [ %23, %22 ], [ 0, %29 ] %34 = add i32 %33, 1 %35 = or i32 %34, %33 %36 = icmp sgt i32 %35, -1 br i1 %36, label %38, label %37, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* %18, i32 0) #69 br label %38 %39 = icmp eq i32 %33, 0 br i1 %39, label %40, label %41 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %42 = getelementptr inbounds i8, i8* %1, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 8 switch i64 %44, label %450 [ i64 2, label %45 i64 3, label %54 i64 4, label %81 i64 5, label %91 i64 8, label %101 i64 6, label %111 i64 7, label %121 i64 9, label %211 i64 10, label %273 ] %274 = bitcast i32* %4 to %struct.nlattr* %275 = getelementptr inbounds i8, i8* %13, i64 24 %276 = bitcast i8* %275 to %struct.mutex* %277 = tail call i32 @mutex_lock_interruptible(%struct.mutex* %276) #69 %278 = icmp eq i32 %277, 0 br i1 %278, label %279, label %450 %280 = getelementptr inbounds i8, i8* %13, i64 144 %281 = bitcast i8* %280 to i64* %282 = load volatile i64, i64* %281, align 8 %283 = and i64 %282, 8 %284 = icmp eq i64 %283, 0 br i1 %284, label %338, label %285 %286 = getelementptr inbounds i8, i8* %13, i64 16 %287 = bitcast i8* %286 to %struct.i915_gem_engines.388114** %288 = load %struct.i915_gem_engines.388114*, %struct.i915_gem_engines.388114** %287, align 8 %289 = getelementptr inbounds %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %288, i64 0, i32 1 %290 = load i32, i32* %289, align 8 %291 = zext i32 %290 to i64 %292 = shl nuw nsw i64 %291, 3 %293 = add nuw nsw i64 %292, 24 %294 = tail call noalias align 8 i8* @__kmalloc(i64 %293, i32 3264) #69 %295 = icmp eq i8* %294, null br i1 %295, label %335, label %296 %297 = load i32, i32* %289, align 8 %298 = icmp eq i32 %297, 0 br i1 %298, label %331, label %299 %300 = getelementptr inbounds i8, i8* %294, i64 24 %301 = bitcast i8* %300 to [0 x %struct.intel_context.388113*]* br label %302 %303 = phi i32 [ %297, %299 ], [ %325, %324 ] %304 = phi i64 [ 0, %299 ], [ %326, %324 ] %305 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %288, i64 0, i32 2, i64 %304 %306 = load %struct.intel_context.388113*, %struct.intel_context.388113** %305, align 8 %307 = icmp eq %struct.intel_context.388113* %306, null br i1 %307, label %322, label %308 %323 = getelementptr [0 x %struct.intel_context.388113*], [0 x %struct.intel_context.388113*]* %301, i64 0, i64 %304 store %struct.intel_context.388113* null, %struct.intel_context.388113** %323, align 8 br label %324 %325 = phi i32 [ %321, %319 ], [ %303, %322 ] %326 = add nuw nsw i64 %304, 1 %327 = zext i32 %325 to i64 %328 = icmp ult i64 %326, %327 br i1 %328, label %302, label %329 %330 = trunc i64 %326 to i32 br label %331 %332 = phi i32 [ 0, %296 ], [ %330, %329 ] %333 = getelementptr inbounds i8, i8* %294, i64 16 %334 = bitcast i8* %333 to i32* store i32 %332, i32* %334, align 8 br label %335 %336 = phi i8* [ %294, %331 ], [ inttoptr (i64 -12 to i8*), %285 ] %337 = bitcast i8* %336 to %struct.i915_gem_engines.388114* br label %338 %339 = phi %struct.i915_gem_engines.388114* [ %337, %335 ], [ null, %279 ] tail call void @mutex_unlock(%struct.mutex* %276) #69 %340 = bitcast %struct.i915_gem_engines.388114* %339 to i8* %341 = icmp eq %struct.i915_gem_engines.388114* %339, null %342 = icmp ugt %struct.i915_gem_engines.388114* %339, inttoptr (i64 -4096 to %struct.i915_gem_engines.388114*) %343 = or i1 %341, %342 br i1 %343, label %344, label %350 %351 = getelementptr inbounds %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 1 %352 = load i32, i32* %351, align 8 %353 = zext i32 %352 to i64 %354 = shl nuw nsw i64 %353, 2 %355 = add nuw nsw i64 %354, 8 %356 = icmp ult i32 %352, 1073741822 br i1 %356, label %357, label %418 %358 = getelementptr inbounds i8, i8* %1, i64 4 %359 = bitcast i8* %358 to i32* %360 = load i32, i32* %359, align 4 %361 = icmp eq i32 %360, 0 br i1 %361, label %362, label %364 %365 = zext i32 %360 to i64 %366 = icmp ugt i64 %355, %365 br i1 %366, label %412, label %367 %368 = getelementptr inbounds i8, i8* %1, i64 16 %369 = bitcast i8* %368 to %struct.i915_context_param_engines** %370 = load %struct.i915_context_param_engines*, %struct.i915_context_param_engines** %369, align 8 %371 = tail call %struct.task_struct.379408* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.379408** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.379408**)) #10, !srcloc !13 %372 = getelementptr inbounds %struct.task_struct.379408, %struct.task_struct.379408* %371, i64 0, i32 163, i32 17, i32 0 %373 = load i64, i64* %372, align 8 %374 = ptrtoint %struct.i915_context_param_engines* %370 to i64 %375 = add i64 %355, %374 %376 = icmp ult i64 %375, %355 %377 = icmp ugt i64 %375, %373 %378 = or i1 %376, %377 br i1 %378, label %412, label %379, !prof !6, !misexpect !14 %380 = getelementptr inbounds %struct.i915_context_param_engines, %struct.i915_context_param_engines* %370, i64 0, i32 0 %381 = tail call i64 asm sideeffect "call __put_user_8", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i64 0, i64* %380) #6, !srcloc !15 %382 = and i64 %381, 4294967295 %383 = icmp eq i64 %382, 0 br i1 %383, label %384, label %412, !prof !8, !misexpect !7 %385 = icmp eq i32 %352, 0 br i1 %385, label %410, label %386 %387 = bitcast i32* %4 to i8* %388 = bitcast i32* %4 to i16* %389 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %274, i64 0, i32 1 br label %392 %393 = phi i64 [ 0, %386 ], [ %409, %390 ] store i32 -1, i32* %4, align 4 %394 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 2, i64 %393 %395 = load %struct.intel_context.388113*, %struct.intel_context.388113** %394, align 8 %396 = icmp eq %struct.intel_context.388113* %395, null br i1 %396, label %404, label %397 %398 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %395, i64 0, i32 1 %399 = load %struct.intel_engine_cs.388112*, %struct.intel_engine_cs.388112** %398, align 8 %400 = getelementptr inbounds %struct.intel_engine_cs.388112, %struct.intel_engine_cs.388112* %399, i64 0, i32 11 %401 = load i16, i16* %400, align 4 store i16 %401, i16* %388, align 4 %402 = getelementptr inbounds %struct.intel_engine_cs.388112, %struct.intel_engine_cs.388112* %399, i64 0, i32 12 %403 = load i16, i16* %402, align 2 store i16 %403, i16* %389, align 2 br label %404 %405 = getelementptr %struct.i915_context_param_engines, %struct.i915_context_param_engines* %370, i64 0, i32 1, i64 %393 %406 = bitcast %struct.nlattr* %405 to i8* %407 = call i64 @_copy_to_user(i8* %406, i8* nonnull %387, i64 4) #69 %408 = icmp eq i64 %407, 0 %409 = add nuw nsw i64 %393, 1 br i1 %408, label %390, label %412 %413 = phi i32 [ 0, %410 ], [ 0, %362 ], [ -22, %364 ], [ -14, %367 ], [ -14, %379 ], [ -14, %404 ] %414 = load i32, i32* %351, align 8 %415 = icmp eq i32 %414, 0 br i1 %415, label %448, label %416 %417 = zext i32 %414 to i64 br label %418 %419 = phi i64 [ %417, %416 ], [ %353, %350 ] %420 = phi i32 [ %413, %416 ], [ -22, %350 ] br label %421 %422 = phi i64 [ %419, %418 ], [ %447, %445 ] %423 = trunc i64 %422 to i32 %424 = add i32 %423, -1 %425 = zext i32 %424 to i64 %426 = getelementptr %struct.i915_gem_engines.388114, %struct.i915_gem_engines.388114* %339, i64 0, i32 2, i64 %425 %427 = load %struct.intel_context.388113*, %struct.intel_context.388113** %426, align 8 %428 = icmp eq %struct.intel_context.388113* %427, null br i1 %428, label %445, label %429 %430 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 17 %431 = load %struct.intel_context_ops.388103*, %struct.intel_context_ops.388103** %430, align 8 %432 = getelementptr inbounds %struct.intel_context_ops.388103, %struct.intel_context_ops.388103* %431, i64 0, i32 6 %433 = load void (%struct.qspinlock*)*, void (%struct.qspinlock*)** %432, align 8 %434 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0, i32 0 %435 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0, i32 0, i32 0, i32 0 %436 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %435, i32 -1, i32* %435) #6, !srcloc !10 %437 = icmp eq i32 %436, 1 br i1 %437, label %443, label %438 %444 = getelementptr inbounds %struct.intel_context.388113, %struct.intel_context.388113* %427, i64 0, i32 0 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void %433(%struct.qspinlock* %444) #69 br label %445 %446 = icmp eq i32 %424, 0 %447 = add nsw i64 %422, -1 br i1 %446, label %448, label %421 %449 = phi i32 [ %413, %412 ], [ %420, %445 ] call void @kfree(i8* %340) #69 br label %450 %451 = phi i32 [ %210, %209 ], [ 0, %111 ], [ 0, %101 ], [ 0, %91 ], [ 0, %81 ], [ 0, %61 ], [ 0, %71 ], [ 0, %76 ], [ 0, %45 ], [ -22, %41 ], [ -19, %211 ], [ %220, %216 ], [ %263, %266 ], [ %263, %270 ], [ %263, %271 ], [ %349, %344 ], [ %449, %448 ], [ %277, %273 ] %452 = call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %19, i32 -1, i32* %19) #6, !srcloc !10 %453 = icmp eq i32 %452, 1 br i1 %453, label %459, label %454 %460 = bitcast i8* %17 to %struct.qspinlock* call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 call void @i915_gem_context_release(%struct.qspinlock* %460) #69 ------------- Good: 8 Bad: 1 Ignored: 1 Check Use of Function:xprt_wake_pending_tasks Check Use of Function:kernel_getsockname Check Use of Function:udp_v4_rehash Check Use of Function:ip6_datagram_release_cb Check Use of Function:tcp_release_cb Check Use of Function:dev_change_proto_down Check Use of Function:_dev_err Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_status_user_compat 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %580, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.628966*, %struct.snd_pcm_substream.628966** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.628966* %16, null br i1 %17, label %580, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %580 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %398 i32 1074544976, label %508 i32 -2146680495, label %512 i32 1074544978, label %516 i32 -2146680493, label %520 i32 -2147204831, label %524 i32 1074020678, label %538 i32 1074020681, label %559 ] %206 = inttoptr i64 %8 to %struct.snd_pcm_status32* %207 = tail call fastcc i32 @snd_pcm_status_user_compat(%struct.snd_pcm_substream.628966* nonnull %16, %struct.snd_pcm_status32* %206, i1 zeroext true) #69 Function:snd_pcm_status_user_compat %4 = alloca %struct.snd_pcm_status, align 8 %5 = bitcast %struct.snd_pcm_status* %4 to i8* br i1 %2, label %6, label %18 %8 = getelementptr inbounds %struct.snd_pcm_status32, %struct.snd_pcm_status32* %1, i64 0, i32 10 %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %7) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = trunc i64 %11 to i32 %15 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %4, i64 0, i32 10 store i32 %14, i32* %15, align 4 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %114, !prof !5, !misexpect !6 %19 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.628966* %0, %struct.snd_pcm_status* nonnull %4) #69 Function:snd_pcm_status %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.628951*, %struct.snd_pcm.628951** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.628951, %struct.snd_pcm.628951* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 %14 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 1 %57 = bitcast %struct.anon.54* %55 to i8* %58 = bitcast %struct.anon.54* %56 to i8* %59 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.629321*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.628966*)*)(%struct.snd_pcm_substream.628966* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.629321* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.629316*, %struct.snd_pcm_runtime.629316** %12, align 8 %14 = bitcast %struct.anon.54* %9 to i8* %15 = bitcast %struct.anon.54* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.629321*)*, i64 (%struct.snd_pcm_substream.629321*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.629321* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.54* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.629305*, %struct.snd_pcm.629305** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.629305, %struct.snd_pcm.629305* %114, i64 0, i32 0 %116 = load %struct.snd_card.629297*, %struct.snd_card.629297** %115, align 8 %117 = getelementptr inbounds %struct.snd_card.629297, %struct.snd_card.629297* %116, i64 0, i32 27 %118 = load %struct.device.628566*, %struct.device.628566** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.628566*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.628566*, i8*, ...)*)(%struct.device.628566* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.56752, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #71 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_status_user_compat 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %580, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.628966*, %struct.snd_pcm_substream.628966** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.628966* %16, null br i1 %17, label %580, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %580 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %398 i32 1074544976, label %508 i32 -2146680495, label %512 i32 1074544978, label %516 i32 -2146680493, label %520 i32 -2147204831, label %524 i32 1074020678, label %538 i32 1074020681, label %559 ] %206 = inttoptr i64 %8 to %struct.snd_pcm_status32* %207 = tail call fastcc i32 @snd_pcm_status_user_compat(%struct.snd_pcm_substream.628966* nonnull %16, %struct.snd_pcm_status32* %206, i1 zeroext true) #69 Function:snd_pcm_status_user_compat %4 = alloca %struct.snd_pcm_status, align 8 %5 = bitcast %struct.snd_pcm_status* %4 to i8* br i1 %2, label %6, label %18 %8 = getelementptr inbounds %struct.snd_pcm_status32, %struct.snd_pcm_status32* %1, i64 0, i32 10 %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %7) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = trunc i64 %11 to i32 %15 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %4, i64 0, i32 10 store i32 %14, i32* %15, align 4 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %114, !prof !5, !misexpect !6 %19 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.628966* %0, %struct.snd_pcm_status* nonnull %4) #69 Function:snd_pcm_status %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.628951*, %struct.snd_pcm.628951** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.628951, %struct.snd_pcm.628951* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 %14 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 1 %57 = bitcast %struct.anon.54* %55 to i8* %58 = bitcast %struct.anon.54* %56 to i8* %59 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.629321*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.628966*)*)(%struct.snd_pcm_substream.628966* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.629321* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.629316*, %struct.snd_pcm_runtime.629316** %12, align 8 %14 = bitcast %struct.anon.54* %9 to i8* %15 = bitcast %struct.anon.54* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.629321*)*, i64 (%struct.snd_pcm_substream.629321*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.629321* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.54* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 %110 = icmp eq i32 %109, 0 br i1 %110, label %122, label %111 %112 = getelementptr inbounds [16 x i8], [16 x i8]* %11, i64 0, i64 0 store i8 0, i8* %112, align 16 %113 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 0 %114 = load %struct.snd_pcm.629305*, %struct.snd_pcm.629305** %113, align 8 %115 = getelementptr inbounds %struct.snd_pcm.629305, %struct.snd_pcm.629305* %114, i64 0, i32 0 %116 = load %struct.snd_card.629297*, %struct.snd_card.629297** %115, align 8 %117 = getelementptr inbounds %struct.snd_card.629297, %struct.snd_card.629297* %116, i64 0, i32 27 %118 = load %struct.device.628566*, %struct.device.628566** %117, align 8 %119 = load i64, i64* %105, align 8 %120 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 16 %121 = load i64, i64* %120, align 8 call void (%struct.device.628566*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.628566*, i8*, ...)*)(%struct.device.628566* %118, i8* getelementptr inbounds ([71 x i8], [71 x i8]* @.str.3.56752, i64 0, i64 0), i8* nonnull %112, i64 %24, i64 %119, i64 %121) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 power_supply_show_property ------------- Path:  Function:power_supply_show_property %4 = alloca %struct.dev_archdata, align 8 %5 = getelementptr inbounds %struct.device.591281, %struct.device.591281* %0, i64 0, i32 8 %6 = load i8*, i8** %5, align 8 %7 = ptrtoint %struct.device_attribute.591282* %1 to i64 %8 = sub i64 %7, ptrtoint ([71 x %struct.device_attribute.591282]* @power_supply_attrs to i64) %9 = lshr exact i64 %8, 5 %10 = trunc i64 %9 to i32 %11 = bitcast %struct.dev_archdata* %4 to i8* %12 = icmp eq i32 %10, 62 br i1 %12, label %13, label %24 %25 = bitcast i8* %6 to %struct.power_supply.591294* %26 = call i32 bitcast (i32 (%struct.power_supply.591094*, i32, %struct.dev_archdata*)* @power_supply_get_property to i32 (%struct.power_supply.591294*, i32, %struct.dev_archdata*)*)(%struct.power_supply.591294* %25, i32 %10, %struct.dev_archdata* nonnull %4) #70 %27 = sext i32 %26 to i64 %28 = icmp slt i32 %26, 0 br i1 %28, label %29, label %36 switch i32 %26, label %30 [ i32 -61, label %135 i32 -11, label %135 i32 -19, label %135 ] %31 = call i32 @___ratelimit(%struct.ratelimit_state* nonnull @power_supply_show_property._rs, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @__func__.power_supply_show_property, i64 0, i64 0)) #70 %32 = icmp eq i32 %31, 0 br i1 %32, label %135, label %33 %34 = getelementptr inbounds %struct.device_attribute.591282, %struct.device_attribute.591282* %1, i64 0, i32 0, i32 0 %35 = load i8*, i8** %34, align 8 call void (%struct.device.591281*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.591281*, i8*, ...)*)(%struct.device.591281* %0, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.105.52134, i64 0, i64 0), i8* %35, i64 %27) #71 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_delete_device ------------- Path:  Function:i2c_sysfs_delete_device %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.51643, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #69 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.51.51644, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.54.51642, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_delete_device ------------- Path:  Function:i2c_sysfs_delete_device %5 = alloca i16, align 2 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast i16* %5 to i8* %9 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.51643, i64 0, i64 0), i16* nonnull %5, i8* nonnull %6) #69 %10 = icmp slt i32 %9, 1 br i1 %10, label %11, label %12 %13 = icmp eq i32 %9, 1 %14 = load i8, i8* %6, align 1 %15 = icmp eq i8 %14, 10 %16 = or i1 %13, %15 br i1 %16, label %18, label %17 call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.52.51645, i64 0, i64 0), i8* getelementptr inbounds ([14 x i8], [14 x i8]* @.str.54.51642, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.587177, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast %struct.dev_archdata* %7 to %struct.i2c_adapter.587171* %9 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 tail call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.48.51649, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.51648, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.587177, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast %struct.dev_archdata* %7 to %struct.i2c_adapter.587171* %9 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 tail call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([25 x i8], [25 x i8]* @.str.49.51650, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.51648, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.587177, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast %struct.dev_archdata* %7 to %struct.i2c_adapter.587171* %9 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.51643, i64 0, i64 0), i16* %21, i8* nonnull %6) #69 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 %26 = icmp eq i32 %22, 1 %27 = load i8, i8* %6, align 1 %28 = icmp eq i8 %27, 10 %29 = or i1 %26, %28 br i1 %29, label %31, label %30 call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.52.51645, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.51648, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 i2c_sysfs_new_device ------------- Path:  Function:i2c_sysfs_new_device %5 = alloca %struct.i2c_board_info.587177, align 8 %6 = alloca i8, align 1 %7 = getelementptr %struct.device.587128, %struct.device.587128* %0, i64 -1, i32 23 %8 = bitcast %struct.dev_archdata* %7 to %struct.i2c_adapter.587171* %9 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 0, i64 0 %10 = tail call i8* @strchr(i8* %2, i32 32) #69 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %13 %14 = ptrtoint i8* %10 to i64 %15 = ptrtoint i8* %2 to i64 %16 = sub i64 %14, %15 %17 = icmp sgt i64 %16, 19 br i1 %17, label %18, label %19 %20 = getelementptr i8, i8* %10, i64 1 %21 = getelementptr inbounds %struct.i2c_board_info.587177, %struct.i2c_board_info.587177* %5, i64 0, i32 2 %22 = call i32 (i8*, i8*, ...) @sscanf(i8* %20, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.50.51643, i64 0, i64 0), i16* %21, i8* nonnull %6) #69 %23 = icmp slt i32 %22, 1 br i1 %23, label %24, label %25 call void (%struct.device.587128*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.587128*, i8*, ...)*)(%struct.device.587128* %0, i8* getelementptr inbounds ([29 x i8], [29 x i8]* @.str.51.51644, i64 0, i64 0), i8* getelementptr inbounds ([11 x i8], [11 x i8]* @.str.47.51648, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %9 = bitcast %struct.spinlock* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %13 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %14 = bitcast %struct.list_head* %13 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %14, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_store ------------- Path:  Function:lg4ff_combine_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %7 = trunc i64 %6 to i16 %8 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %9 = bitcast %struct.spinlock* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = icmp eq i8* %10, null br i1 %11, label %12, label %15 %16 = getelementptr inbounds i8, i8* %10, i64 8 %17 = bitcast i8* %16 to %struct.lg4ff_device_entry** %18 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %17, align 8 %19 = icmp eq %struct.lg4ff_device_entry* %18, null br i1 %19, label %20, label %23 %21 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %22 = bitcast %struct.list_head* %21 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %22, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %11 = bitcast %struct.list_head* %10 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %11 = bitcast %struct.list_head* %10 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = bitcast %struct.mutex* %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %10 = bitcast %struct.spinlock* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %14 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %15 = bitcast %struct.list_head* %14 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %15, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = bitcast %struct.mutex* %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %8 = bitcast %struct.spinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %12 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %13 = bitcast %struct.list_head* %12 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %13, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_store ------------- Path:  Function:lg4ff_range_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = bitcast %struct.mutex* %5 to %struct.hid_device* %7 = tail call i64 @simple_strtoul(i8* %2, i8** null, i32 10) #69 %8 = trunc i64 %7 to i16 %9 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %10 = bitcast %struct.spinlock* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null br i1 %12, label %13, label %16 %17 = getelementptr inbounds i8, i8* %11, i64 8 %18 = bitcast i8* %17 to %struct.lg4ff_device_entry** %19 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %18, align 8 %20 = icmp eq %struct.lg4ff_device_entry* %19, null br i1 %20, label %21, label %24 %22 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %23 = bitcast %struct.list_head* %22 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %23, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_store ------------- Path:  Function:lg4ff_alternate_modes_store %5 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %6 = bitcast %struct.mutex* %5 to %struct.hid_device* %7 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 202, i32 1 %8 = bitcast %struct.spinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = icmp eq i8* %9, null br i1 %10, label %11, label %14 %15 = getelementptr inbounds i8, i8* %9, i64 8 %16 = bitcast i8* %15 to %struct.lg4ff_device_entry** %17 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %16, align 8 %18 = icmp eq %struct.lg4ff_device_entry* %17, null br i1 %18, label %19, label %22 %20 = getelementptr inbounds %struct.mutex, %struct.mutex* %5, i64 198, i32 3 %21 = bitcast %struct.list_head* %20 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %21, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %19 = bitcast %struct.list_head* %18 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_range_show ------------- Path:  Function:lg4ff_range_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %11 = bitcast %struct.list_head* %10 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 8 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %25 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %26 = load i8*, i8** %25, align 8 %27 = icmp eq i8* %26, null br i1 %27, label %28, label %31 %29 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %30 = bitcast %struct.list_head* %29 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.55763, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %21 = getelementptr inbounds %struct.lg4ff_device_entry, %struct.lg4ff_device_entry* %15, i64 0, i32 2, i32 9 %22 = load i8*, i8** %21, align 8 %23 = icmp eq i8* %22, null br i1 %23, label %28, label %24 %29 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %30 = bitcast %struct.list_head* %29 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %30, i8* getelementptr inbounds ([24 x i8], [24 x i8]* @.str.56.55763, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_real_id_show ------------- Path:  Function:lg4ff_real_id_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %19 = bitcast %struct.list_head* %18 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %19 = bitcast %struct.list_head* %18 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_alternate_modes_show ------------- Path:  Function:lg4ff_alternate_modes_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %10 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %11 = bitcast %struct.list_head* %10 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %11, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.48.55741, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 lg4ff_combine_show ------------- Path:  Function:lg4ff_combine_show %4 = getelementptr %struct.device.323249, %struct.device.323249* %0, i64 -9, i32 9 %5 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 202, i32 1 %6 = bitcast %struct.spinlock* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = icmp eq i8* %7, null br i1 %8, label %9, label %12 %13 = getelementptr inbounds i8, i8* %7, i64 8 %14 = bitcast i8* %13 to %struct.lg4ff_device_entry** %15 = load %struct.lg4ff_device_entry*, %struct.lg4ff_device_entry** %14, align 8 %16 = icmp eq %struct.lg4ff_device_entry* %15, null br i1 %16, label %17, label %20 %18 = getelementptr inbounds %struct.mutex, %struct.mutex* %4, i64 198, i32 3 %19 = bitcast %struct.list_head* %18 to %struct.device.323249* tail call void (%struct.device.323249*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.323249*, i8*, ...)*)(%struct.device.323249* %19, i8* getelementptr inbounds ([30 x i8], [30 x i8]* @.str.49.55742, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 pnp_disable_dev 1 resources_store ------------- Path:  Function:resources_store %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca i8*, align 8 %10 = bitcast %struct.device.15280* %0 to %struct.pnp_dev.330795* %11 = getelementptr inbounds %struct.pnp_dev.330795, %struct.pnp_dev.330795* %10, i64 0, i32 3 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15 %17 = tail call i8* @skip_spaces(i8* %2) #70 %18 = tail call i32 @strncasecmp(i8* %17, i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.10.30927, i64 0, i64 0), i64 7) #71 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = tail call i32 bitcast (i32 (%struct.pnp_dev.330361*)* @pnp_disable_dev to i32 (%struct.pnp_dev.330795*)*)(%struct.pnp_dev.330795* %10) #70 Function:pnp_disable_dev %2 = getelementptr inbounds %struct.pnp_dev.330361, %struct.pnp_dev.330361* %0, i64 0, i32 13 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %51, label %5 %6 = getelementptr inbounds %struct.pnp_dev.330361, %struct.pnp_dev.330361* %0, i64 0, i32 8 %7 = load %struct.pnp_protocol.330351*, %struct.pnp_protocol.330351** %6, align 8 %8 = getelementptr inbounds %struct.pnp_protocol.330351, %struct.pnp_protocol.330351* %7, i64 0, i32 4 %9 = load i32 (%struct.pnp_dev.330361*)*, i32 (%struct.pnp_dev.330361*)** %8, align 8 %10 = icmp eq i32 (%struct.pnp_dev.330361*)* %9, null br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.pnp_dev.330361, %struct.pnp_dev.330361* %0, i64 0, i32 14 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %22, label %16 %17 = and i32 %13, 32 %18 = icmp ne i32 %17, 0 %19 = load i8, i8* @console_suspend_enabled, align 1 %20 = icmp eq i8 %19, 0 %21 = and i1 %18, %20 br i1 %21, label %22, label %27 %28 = tail call i32 %9(%struct.pnp_dev.330361* %0) #70 %29 = icmp slt i32 %28, 0 %30 = getelementptr inbounds %struct.pnp_dev.330361, %struct.pnp_dev.330361* %0, i64 0, i32 0 br i1 %29, label %31, label %32 tail call void (%struct.device.17898*, i8*, ...) bitcast (void (%struct.device.508813*, i8*, ...)* @_dev_err to void (%struct.device.17898*, i8*, ...)*)(%struct.device.17898* %30, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.8.30825, i64 0, i64 0)) #69 ------------- Good: 4134 Bad: 96 Ignored: 6182 Check Use of Function:walk_page_range Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %123 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %124 = load %struct.file.125060*, %struct.file.125060** %123, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %125 = icmp eq %struct.file.125060* %124, null br i1 %125, label %126, label %131 %127 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 6 %128 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %127, align 8 %129 = bitcast %struct.vm_area_struct.125300* %75 to i8* %130 = call i32 bitcast (i32 (%struct.mm_struct.112799*, i64, i64, %struct.mm_walk_ops*, i8*)* @walk_page_range to i32 (%struct.mm_struct.125313*, i64, i64, %struct.mm_walk_ops.125412*, i8*)*)(%struct.mm_struct.125313* %128, i64 %83, i64 %87, %struct.mm_walk_ops.125412* nonnull @swapin_walk_ops, i8* %129) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %123 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %124 = load %struct.file.125060*, %struct.file.125060** %123, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %125 = icmp eq %struct.file.125060* %124, null br i1 %125, label %126, label %131 %127 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 6 %128 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %127, align 8 %129 = bitcast %struct.vm_area_struct.125300* %75 to i8* %130 = call i32 bitcast (i32 (%struct.mm_struct.112799*, i64, i64, %struct.mm_walk_ops*, i8*)* @walk_page_range to i32 (%struct.mm_struct.125313*, i64, i64, %struct.mm_walk_ops.125412*, i8*)*)(%struct.mm_struct.125313* %128, i64 %83, i64 %87, %struct.mm_walk_ops.125412* nonnull @swapin_walk_ops, i8* %129) #69 ------------- Good: 10 Bad: 2 Ignored: 3 Check Use of Function:md_import_device Check Use of Function:pc_nvram_initialize Check Use of Function:rtc_cmos_read Check Use of Function:rtc_cmos_write Check Use of Function:_credit_init_bits Check Use of Function:write_pool_user Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 random_write_iter ------------- Path:  Function:random_write_iter %3 = tail call fastcc i64 @write_pool_user(%struct.iov_iter* %1) #69 ------------- Good: 1 Bad: 2 Ignored: 0 Check Use of Function:extract_entropy Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_remove_exception 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %4 = icmp eq %struct.dst_entry.768684* %0, null br i1 %4, label %66, label %5 %6 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.768659** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %65, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %13 = bitcast %struct.dst_entry.768684* %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.fib6_info.768700* %16 = load i32, i32* %7, align 8 %17 = and i32 %16, 4194304 %18 = icmp eq i32 %17, 0 br i1 %18, label %25, label %19 %26 = icmp eq i64 %14, 0 br i1 %26, label %63, label %27 %28 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 8 %29 = load i16, i16* %28, align 2 %30 = icmp eq i16 %29, -1 br i1 %30, label %31, label %42 %43 = load volatile i64, i64* %13, align 8 %44 = inttoptr i64 %43 to %struct.fib6_info.768700* %45 = icmp eq i64 %43, 0 %46 = and i32 %16, 16777216 %47 = icmp eq i32 %46, 0 %48 = or i1 %47, %45 br i1 %48, label %63, label %49 %50 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 17 %51 = load %struct.nexthop.768696*, %struct.nexthop.768696** %50, align 8 %52 = icmp eq %struct.nexthop.768696* %51, null br i1 %52, label %60, label %53 %61 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 18, i64 0 %62 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.768699* %61, %struct.rt6_info.768697* nonnull %3) #69 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.234, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.768699, %struct.fib6_nh.768699* %0, i64 0, i32 2 %6 = bitcast %struct.rt6_exception_bucket** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %64, label %9 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %10 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %11 = icmp eq %struct.rt6_exception_bucket* %10, null %12 = ptrtoint %struct.rt6_exception_bucket* %10 to i64 %13 = and i64 %12, -2 %14 = inttoptr i64 %13 to %struct.rt6_exception_bucket* %15 = select i1 %11, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %14 %16 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0 %17 = icmp ne %struct.rt6_exception_bucket* %15, null %18 = icmp ne %struct.in6_addr* %16, null %19 = and i1 %18, %17 br i1 %19, label %20, label %62 %21 = bitcast %struct.anon.234* %3 to i8* %22 = bitcast %struct.in6_addr* %16 to i8* %23 = getelementptr inbounds %struct.anon.234, %struct.anon.234* %3, i64 0, i32 1 %24 = bitcast %struct.in6_addr* %23 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %25)) #6 to label %30 [label %25], !srcloc !4 %26 = bitcast i64* %4 to i8* %27 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #69 br i1 %27, label %28, label %29, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_update_exception 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.768802* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.768684* %0, %struct.sock.768839* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, align 8 %7 = alloca %struct.fib6_result.769189, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.768839* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.768839, %struct.sock.768839* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.768839, %struct.sock.768839* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %23 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.768684*, i8*)*, void (%struct.dst_entry.768684*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.768684*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.768684* %0, i8* %28) #69 br label %29 %30 = icmp ugt i32 %3, 1280 %31 = select i1 %30, i32 %3, i32 1280 %32 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %33 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.768684*)*, i32 (%struct.dst_entry.768684*)** %34, align 32 %36 = tail call i32 %35(%struct.dst_entry.768684* %0) #69 %37 = icmp ult i32 %31, %36 br i1 %37, label %38, label %249 %39 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %40 = bitcast %struct.lwtunnel_state.768659** %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %52 %45 = and i32 %41, 1073741824 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %143 %48 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %49 = bitcast %struct.dst_entry.768684* %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %143 %53 = getelementptr %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 0 %54 = load %struct.net_device.768790*, %struct.net_device.768790** %53, align 8 %55 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.768909*, %struct.net.768909** %55, align 8 %57 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 2 %58 = load i64, i64* %57, align 8 %59 = icmp eq i64 %58, 0 br i1 %59, label %60, label %61, !prof !4, !misexpect !5 %62 = and i64 %58, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %69, label %64 %70 = and i64 %58, -4 %71 = inttoptr i64 %70 to i32* br label %72 %73 = phi i32* [ %68, %64 ], [ %71, %69 ] %74 = icmp eq i32* %73, null br i1 %74, label %77, label %75 %76 = getelementptr i32, i32* %73, i64 1 store i32 %31, i32* %76, align 4 br label %77 %78 = load i32, i32* %40, align 8 %79 = or i32 %78, 32 store i32 %79, i32* %40, align 8 %80 = getelementptr inbounds %struct.net.768909, %struct.net.768909* %56, i64 0, i32 35, i32 0, i32 12 %81 = load i32, i32* %80, align 4 %82 = and i32 %78, 4194304 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %85 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %86 = bitcast %struct.dst_entry.768684* %85 to i64* %87 = load volatile i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %94, label %89 %90 = inttoptr i64 %87 to %struct.fib6_info.768700* %91 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %90, i64 0, i32 6 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 3 store i64 %92, i64* %93, align 8 br label %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %95 %96 = load volatile i64, i64* @jiffies, align 64 %97 = sext i32 %81 to i64 %98 = add i64 %96, %97 %99 = icmp eq i64 %98, 0 %100 = select i1 %99, i64 1, i64 %98 %101 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 3 %102 = load i64, i64* %101, align 8 %103 = icmp eq i64 %102, 0 %104 = sub i64 %100, %102 %105 = icmp slt i64 %104, 0 %106 = or i1 %103, %105 br i1 %106, label %107, label %108 %109 = load i32, i32* %40, align 8 %110 = or i32 %109, 4194304 store i32 %110, i32* %40, align 8 %111 = and i32 %109, 16777216 %112 = icmp eq i32 %111, 0 br i1 %112, label %249, label %113 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %114 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %115 = bitcast %struct.dst_entry.768684* %114 to i64* %116 = load volatile i64, i64* %115, align 8 %117 = inttoptr i64 %116 to %struct.fib6_info.768700* %118 = icmp eq i64 %116, 0 br i1 %118, label %142, label %119 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, 16777216 %122 = icmp eq i32 %121, 0 br i1 %122, label %142, label %123 %124 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %117, i64 0, i32 17 %125 = load %struct.nexthop.768696*, %struct.nexthop.768696** %124, align 8 %126 = icmp eq %struct.nexthop.768696* %125, null br i1 %126, label %138, label %127 %139 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %117, i64 0, i32 18, i64 0 br label %140 %141 = phi %struct.fib6_nh.768699* [ %136, %127 ], [ %139, %138 ] call fastcc void @fib6_nh_update_exception(%struct.fib6_nh.768699* %141, %struct.rt6_info.768697* %9) #69 Function:fib6_nh_update_exception %3 = alloca %struct.anon.234, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.768699, %struct.fib6_nh.768699* %0, i64 0, i32 2 %6 = bitcast %struct.rt6_exception_bucket** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 %9 = and i64 %7, -2 %10 = inttoptr i64 %9 to %struct.rt6_exception_bucket* %11 = select i1 %8, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %10 %12 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0 %13 = icmp ne %struct.rt6_exception_bucket* %11, null %14 = icmp ne %struct.in6_addr* %12, null %15 = and i1 %14, %13 br i1 %15, label %16, label %62 %17 = bitcast %struct.anon.234* %3 to i8* %18 = bitcast %struct.in6_addr* %12 to i8* %19 = getelementptr inbounds %struct.anon.234, %struct.anon.234* %3, i64 0, i32 1 %20 = bitcast %struct.in6_addr* %19 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_update_exception, %21)) #6 to label %26 [label %21], !srcloc !4 %22 = bitcast i64* %4 to i8* %23 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #69 br i1 %23, label %24, label %25, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2136 %3 = bitcast i8* %2 to %struct.net_device.707029** store %struct.net_device.707029* %0, %struct.net_device.707029** %3, align 8 %4 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.706629** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2200 %10 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.707029* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2248 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %10 = bitcast i8* %9 to %struct.net.706629** %11 = load %struct.net.706629*, %struct.net.706629** %10, align 8 %12 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2244 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2233 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2216 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.nlattr* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.706564* @ip_route_output_flow(%struct.net.706629* %11, %struct.flowi4* nonnull %2, %struct.sock.706927* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.707040, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.707040* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.706564* @ip_route_output_key_hash_rcu(%struct.net.706629* %0, %struct.flowi4* %1, %struct.fib_result.707040* nonnull %4, %struct.sk_buff.706937* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %185, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %87, label %43 %44 = tail call %struct.net_device.707029* bitcast (%struct.net_device.653918* (%struct.net.653816*, i32)* @dev_get_by_index_rcu to %struct.net_device.707029* (%struct.net.706629*, i32)*)(%struct.net.706629* %0, i32 %41) #69 %45 = icmp eq %struct.net_device.707029* %44, null br i1 %45, label %185, label %46 %47 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 34 %48 = load i32, i32* %47, align 8 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %185, label %51 %52 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 67 %53 = bitcast %struct.in_device.706989** %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %185, label %56 %57 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 16777215 %60 = icmp eq i32 %59, 224 %61 = icmp eq i32 %58, -1 %62 = or i1 %61, %60 br i1 %62, label %67, label %63 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %65 = load i8, i8* %64, align 2 %66 = icmp eq i8 %65, 2 br i1 %66, label %67, label %72 %68 = load i32, i32* %7, align 8 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %180 %181 = phi i32 [ 0, %27 ], [ %6, %67 ], [ %6, %70 ], [ %6, %144 ], [ %172, %166 ], [ %6, %175 ], [ %6, %96 ] %182 = phi i32 [ 0, %27 ], [ 0, %67 ], [ 0, %70 ], [ 0, %144 ], [ -2147483648, %166 ], [ 0, %175 ], [ -2147483648, %96 ] %183 = phi %struct.net_device.707029* [ %25, %27 ], [ %44, %67 ], [ %44, %70 ], [ %88, %144 ], [ %169, %166 ], [ %179, %175 ], [ %98, %96 ] %184 = tail call fastcc %struct.rtable.706564* @__mkroute_output(%struct.fib_result.707040* %2, %struct.flowi4* %1, i32 %181, %struct.net_device.707029* %183, i32 %182) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 7 %8 = load %struct.fib_info.706568*, %struct.fib_info.706568** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.706989** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.706989* %16 = icmp eq i64 %14, 0 br i1 %16, label %303, label %17 %18 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 0 %19 = load %struct.net_device.707029*, %struct.net_device.707029** %18, align 8 %20 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.706629*, %struct.net.706629** %20, align 8 %22 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %21, i64 0, i32 34, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %303, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 br label %69 %70 = phi i32 [ %4, %55 ], [ %64, %59 ] %71 = phi i32* [ %56, %55 ], [ %60, %59 ] %72 = or i32 %70, -1610612736 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %74 = load i32, i32* %73, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %76 = load i8, i8* %75, align 2 %77 = tail call i32 bitcast (i32 (%struct.in_device.731361*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.706989*, i32, i32, i8)*)(%struct.in_device.706989* nonnull %15, i32 %48, i32 %74, i8 zeroext %76) #69 %78 = icmp eq i32 %77, 0 %79 = and i32 %72, 2147483647 %80 = select i1 %78, i32 %79, i32 %72 %81 = icmp eq %struct.fib_info.706568* %8, null br i1 %81, label %212, label %82 %83 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 1 %84 = load i8, i8* %83, align 4 %85 = icmp ult i8 %84, 4 br i1 %85, label %212, label %86 %87 = zext i1 %78 to i32 %88 = zext i1 %78 to i8 %89 = load i32, i32* %47, align 4 br label %105 %106 = phi i32 [ %89, %86 ], [ %48, %99 ] %107 = phi i8 [ %88, %86 ], [ %104, %99 ] %108 = phi i32 [ %87, %86 ], [ %103, %99 ] %109 = phi i32 [ %80, %86 ], [ %64, %99 ] %110 = phi i16 [ 5, %86 ], [ %11, %99 ] %111 = phi i32* [ %71, %86 ], [ %60, %99 ] %112 = icmp eq i32 %108, 0 %113 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 6 %114 = load %struct.fib_nh_common.706567*, %struct.fib_nh_common.706567** %113, align 8 %115 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %114, i64 0, i32 12 %116 = bitcast %struct.fnhe_hash_bucket.706566** %115 to i64* %117 = load volatile i64, i64* %116, align 8 %118 = icmp eq i64 %117, 0 br i1 %118, label %154, label %119 %120 = inttoptr i64 %117 to %struct.fnhe_hash_bucket.706566* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %121)) #6 to label %126 [label %121], !srcloc !6 %127 = call i64 @siphash_1u32(i32 %106, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %128 = mul i64 %127, 7046029254386353131 %129 = lshr i64 %128, 53 %130 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %120, i64 %129, i32 0 %131 = bitcast %struct.fib_nh_exception.706565** %130 to i64* %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, 0 br i1 %133, label %154, label %134 %135 = phi i64 [ %152, %150 ], [ %132, %126 ] %136 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %137 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %136, i64 0, i32 2 %138 = load i32, i32* %137, align 4 %139 = icmp eq i32 %138, %106 br i1 %139, label %140, label %150 %141 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %142 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %141, i64 0, i32 6 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %154, label %145 %146 = load volatile i64, i64* @jiffies, align 64 %147 = sub i64 %143, %146 %148 = icmp slt i64 %147, 0 br i1 %148, label %149, label %154 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.706567* %114, i32 %106) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %0, i64 0, i32 2 %4 = load %struct.inode.245632*, %struct.inode.245632** %3, align 8 %5 = getelementptr %struct.inode.245632, %struct.inode.245632* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %8, i64 0, i32 87 %10 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %9, align 8 %11 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %10, i64 0, i32 21, i64 1 %12 = load %struct.pid.245407*, %struct.pid.245407** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.245407** %15 = load %struct.pid.245407*, %struct.pid.245407** %14, align 8 %16 = icmp eq %struct.pid.245407* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.245407* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.245212** %26 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.245448** %32 = load %struct.sock.245448*, %struct.sock.245448** %31, align 8 %33 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.245448* %32, %struct.sk_buff.245212* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0), i64 %13) #69 br label %30 %31 = load volatile i8, i8* @crng_has_old_seed.early_boot, align 1 %32 = icmp eq i8 %31, 0 br i1 %32, label %44, label %33, !prof !8, !misexpect !5 %45 = phi i64 [ 60000, %30 ], [ 60000, %36 ], [ %43, %37 ] %46 = load volatile i64, i64* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 1), align 8 %47 = add i64 %46, %45 %48 = load volatile i64, i64* @jiffies, align 64 %49 = sub i64 %47, %48 %50 = icmp slt i64 %49, 0 br i1 %50, label %51, label %63, !prof !4, !misexpect !5 %52 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 call fastcc void @extract_entropy(i8* nonnull %52) #69 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_remove_exception 4 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %4 = icmp eq %struct.dst_entry.768684* %0, null br i1 %4, label %66, label %5 %6 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.768659** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %65, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %13 = bitcast %struct.dst_entry.768684* %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.fib6_info.768700* %16 = load i32, i32* %7, align 8 %17 = and i32 %16, 4194304 %18 = icmp eq i32 %17, 0 br i1 %18, label %25, label %19 %26 = icmp eq i64 %14, 0 br i1 %26, label %63, label %27 %28 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 8 %29 = load i16, i16* %28, align 2 %30 = icmp eq i16 %29, -1 br i1 %30, label %31, label %42 %43 = load volatile i64, i64* %13, align 8 %44 = inttoptr i64 %43 to %struct.fib6_info.768700* %45 = icmp eq i64 %43, 0 %46 = and i32 %16, 16777216 %47 = icmp eq i32 %46, 0 %48 = or i1 %47, %45 br i1 %48, label %63, label %49 %50 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 17 %51 = load %struct.nexthop.768696*, %struct.nexthop.768696** %50, align 8 %52 = icmp eq %struct.nexthop.768696* %51, null br i1 %52, label %60, label %53 %61 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 18, i64 0 %62 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.768699* %61, %struct.rt6_info.768697* nonnull %3) #69 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.234, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.768699, %struct.fib6_nh.768699* %0, i64 0, i32 2 %6 = bitcast %struct.rt6_exception_bucket** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %64, label %9 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %10 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %11 = icmp eq %struct.rt6_exception_bucket* %10, null %12 = ptrtoint %struct.rt6_exception_bucket* %10 to i64 %13 = and i64 %12, -2 %14 = inttoptr i64 %13 to %struct.rt6_exception_bucket* %15 = select i1 %11, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %14 %16 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0 %17 = icmp ne %struct.rt6_exception_bucket* %15, null %18 = icmp ne %struct.in6_addr* %16, null %19 = and i1 %18, %17 br i1 %19, label %20, label %62 %21 = bitcast %struct.anon.234* %3 to i8* %22 = bitcast %struct.in6_addr* %16 to i8* %23 = getelementptr inbounds %struct.anon.234, %struct.anon.234* %3, i64 0, i32 1 %24 = bitcast %struct.in6_addr* %23 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %25)) #6 to label %30 [label %25], !srcloc !4 %26 = bitcast i64* %4 to i8* %27 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #69 br i1 %27, label %28, label %29, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 fib6_nh_update_exception 4 __ip6_rt_update_pmtu 5 ip6_rt_update_pmtu ------------- Path:  Function:ip6_rt_update_pmtu %6 = icmp eq %struct.sk_buff.768802* %2, null br i1 %6, label %15, label %7 %16 = phi %struct.ipv6hdr* [ %14, %7 ], [ null, %5 ] tail call fastcc void @__ip6_rt_update_pmtu(%struct.dst_entry.768684* %0, %struct.sock.768839* %1, %struct.ipv6hdr* %16, i32 %3, i1 zeroext %4) #69 Function:__ip6_rt_update_pmtu %6 = alloca %struct.fib6_nh_match_arg, align 8 %7 = alloca %struct.fib6_result.769189, align 8 %8 = alloca %struct.fib6_nh_match_arg, align 8 %9 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %10 = icmp eq %struct.ipv6hdr* %2, null br i1 %10, label %13, label %11 %14 = icmp eq %struct.sock.768839* %1, null br i1 %14, label %19, label %15 %16 = getelementptr inbounds %struct.sock.768839, %struct.sock.768839* %1, i64 0, i32 0, i32 10 %17 = getelementptr inbounds %struct.sock.768839, %struct.sock.768839* %1, i64 0, i32 0, i32 4 %18 = load volatile i8, i8* %17, align 2 br label %19 %20 = phi %struct.in6_addr* [ %12, %11 ], [ null, %13 ], [ %16, %15 ] br i1 %4, label %21, label %29 %22 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %23 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %22, align 8 %24 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %23, i64 0, i32 15 %25 = load void (%struct.dst_entry.768684*, i8*)*, void (%struct.dst_entry.768684*, i8*)** %24, align 16 %26 = icmp eq void (%struct.dst_entry.768684*, i8*)* %25, null br i1 %26, label %29, label %27 %28 = bitcast %struct.in6_addr* %20 to i8* tail call void %25(%struct.dst_entry.768684* %0, i8* %28) #69 br label %29 %30 = icmp ugt i32 %3, 1280 %31 = select i1 %30, i32 %3, i32 1280 %32 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %33 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %32, align 8 %34 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %33, i64 0, i32 5 %35 = load i32 (%struct.dst_entry.768684*)*, i32 (%struct.dst_entry.768684*)** %34, align 32 %36 = tail call i32 %35(%struct.dst_entry.768684* %0) #69 %37 = icmp ult i32 %31, %36 br i1 %37, label %38, label %249 %39 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %40 = bitcast %struct.lwtunnel_state.768659** %39 to i32* %41 = load i32, i32* %40, align 8 %42 = and i32 %41, 16777216 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %52 %45 = and i32 %41, 1073741824 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %143 %48 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %49 = bitcast %struct.dst_entry.768684* %48 to i64* %50 = load volatile i64, i64* %49, align 8 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %143 %53 = getelementptr %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 0 %54 = load %struct.net_device.768790*, %struct.net_device.768790** %53, align 8 %55 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %54, i64 0, i32 107, i32 0 %56 = load %struct.net.768909*, %struct.net.768909** %55, align 8 %57 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 2 %58 = load i64, i64* %57, align 8 %59 = icmp eq i64 %58, 0 br i1 %59, label %60, label %61, !prof !4, !misexpect !5 %62 = and i64 %58, 1 %63 = icmp eq i64 %62, 0 br i1 %63, label %69, label %64 %70 = and i64 %58, -4 %71 = inttoptr i64 %70 to i32* br label %72 %73 = phi i32* [ %68, %64 ], [ %71, %69 ] %74 = icmp eq i32* %73, null br i1 %74, label %77, label %75 %76 = getelementptr i32, i32* %73, i64 1 store i32 %31, i32* %76, align 4 br label %77 %78 = load i32, i32* %40, align 8 %79 = or i32 %78, 32 store i32 %79, i32* %40, align 8 %80 = getelementptr inbounds %struct.net.768909, %struct.net.768909* %56, i64 0, i32 35, i32 0, i32 12 %81 = load i32, i32* %80, align 4 %82 = and i32 %78, 4194304 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %95 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %85 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %86 = bitcast %struct.dst_entry.768684* %85 to i64* %87 = load volatile i64, i64* %86, align 8 %88 = icmp eq i64 %87, 0 br i1 %88, label %94, label %89 %90 = inttoptr i64 %87 to %struct.fib6_info.768700* %91 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %90, i64 0, i32 6 %92 = load i64, i64* %91, align 8 %93 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 3 store i64 %92, i64* %93, align 8 br label %94 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br label %95 %96 = load volatile i64, i64* @jiffies, align 64 %97 = sext i32 %81 to i64 %98 = add i64 %96, %97 %99 = icmp eq i64 %98, 0 %100 = select i1 %99, i64 1, i64 %98 %101 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 3 %102 = load i64, i64* %101, align 8 %103 = icmp eq i64 %102, 0 %104 = sub i64 %100, %102 %105 = icmp slt i64 %104, 0 %106 = or i1 %103, %105 br i1 %106, label %107, label %108 %109 = load i32, i32* %40, align 8 %110 = or i32 %109, 4194304 store i32 %110, i32* %40, align 8 %111 = and i32 %109, 16777216 %112 = icmp eq i32 %111, 0 br i1 %112, label %249, label %113 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %114 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %115 = bitcast %struct.dst_entry.768684* %114 to i64* %116 = load volatile i64, i64* %115, align 8 %117 = inttoptr i64 %116 to %struct.fib6_info.768700* %118 = icmp eq i64 %116, 0 br i1 %118, label %142, label %119 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, 16777216 %122 = icmp eq i32 %121, 0 br i1 %122, label %142, label %123 %124 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %117, i64 0, i32 17 %125 = load %struct.nexthop.768696*, %struct.nexthop.768696** %124, align 8 %126 = icmp eq %struct.nexthop.768696* %125, null br i1 %126, label %138, label %127 %139 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %117, i64 0, i32 18, i64 0 br label %140 %141 = phi %struct.fib6_nh.768699* [ %136, %127 ], [ %139, %138 ] call fastcc void @fib6_nh_update_exception(%struct.fib6_nh.768699* %141, %struct.rt6_info.768697* %9) #69 Function:fib6_nh_update_exception %3 = alloca %struct.anon.234, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.768699, %struct.fib6_nh.768699* %0, i64 0, i32 2 %6 = bitcast %struct.rt6_exception_bucket** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 %9 = and i64 %7, -2 %10 = inttoptr i64 %9 to %struct.rt6_exception_bucket* %11 = select i1 %8, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %10 %12 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0 %13 = icmp ne %struct.rt6_exception_bucket* %11, null %14 = icmp ne %struct.in6_addr* %12, null %15 = and i1 %14, %13 br i1 %15, label %16, label %62 %17 = bitcast %struct.anon.234* %3 to i8* %18 = bitcast %struct.in6_addr* %12 to i8* %19 = getelementptr inbounds %struct.anon.234, %struct.anon.234* %3, i64 0, i32 1 %20 = bitcast %struct.in6_addr* %19 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_update_exception, %21)) #6 to label %26 [label %21], !srcloc !4 %22 = bitcast i64* %4 to i8* %23 = call zeroext i1 @__do_once_start(i8* nonnull @rt6_exception_hash.___done, i64* nonnull %4) #69 br i1 %23, label %24, label %25, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @rt6_exception_hash.rt6_exception_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 ip_del_fnhe 4 __mkroute_output 5 ip_route_output_key_hash_rcu 6 ip_route_output_flow 7 ipip6_tunnel_bind_dev 8 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2136 %3 = bitcast i8* %2 to %struct.net_device.707029** store %struct.net_device.707029* %0, %struct.net_device.707029** %3, align 8 %4 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.706629** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2200 %10 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.707029* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2248 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %10 = bitcast i8* %9 to %struct.net.706629** %11 = load %struct.net.706629*, %struct.net.706629** %10, align 8 %12 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2244 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2233 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2216 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.nlattr* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.706564* @ip_route_output_flow(%struct.net.706629* %11, %struct.flowi4* nonnull %2, %struct.sock.706927* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.707040, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.707040* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.706564* @ip_route_output_key_hash_rcu(%struct.net.706629* %0, %struct.flowi4* %1, %struct.fib_result.707040* nonnull %4, %struct.sk_buff.706937* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %185, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %87, label %43 %44 = tail call %struct.net_device.707029* bitcast (%struct.net_device.653918* (%struct.net.653816*, i32)* @dev_get_by_index_rcu to %struct.net_device.707029* (%struct.net.706629*, i32)*)(%struct.net.706629* %0, i32 %41) #69 %45 = icmp eq %struct.net_device.707029* %44, null br i1 %45, label %185, label %46 %47 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 34 %48 = load i32, i32* %47, align 8 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %185, label %51 %52 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 67 %53 = bitcast %struct.in_device.706989** %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %185, label %56 %57 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 16777215 %60 = icmp eq i32 %59, 224 %61 = icmp eq i32 %58, -1 %62 = or i1 %61, %60 br i1 %62, label %67, label %63 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %65 = load i8, i8* %64, align 2 %66 = icmp eq i8 %65, 2 br i1 %66, label %67, label %72 %68 = load i32, i32* %7, align 8 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %180 %181 = phi i32 [ 0, %27 ], [ %6, %67 ], [ %6, %70 ], [ %6, %144 ], [ %172, %166 ], [ %6, %175 ], [ %6, %96 ] %182 = phi i32 [ 0, %27 ], [ 0, %67 ], [ 0, %70 ], [ 0, %144 ], [ -2147483648, %166 ], [ 0, %175 ], [ -2147483648, %96 ] %183 = phi %struct.net_device.707029* [ %25, %27 ], [ %44, %67 ], [ %44, %70 ], [ %88, %144 ], [ %169, %166 ], [ %179, %175 ], [ %98, %96 ] %184 = tail call fastcc %struct.rtable.706564* @__mkroute_output(%struct.fib_result.707040* %2, %struct.flowi4* %1, i32 %181, %struct.net_device.707029* %183, i32 %182) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 7 %8 = load %struct.fib_info.706568*, %struct.fib_info.706568** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.706989** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.706989* %16 = icmp eq i64 %14, 0 br i1 %16, label %303, label %17 %18 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 0 %19 = load %struct.net_device.707029*, %struct.net_device.707029** %18, align 8 %20 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.706629*, %struct.net.706629** %20, align 8 %22 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %21, i64 0, i32 34, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %303, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 br label %69 %70 = phi i32 [ %4, %55 ], [ %64, %59 ] %71 = phi i32* [ %56, %55 ], [ %60, %59 ] %72 = or i32 %70, -1610612736 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %74 = load i32, i32* %73, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %76 = load i8, i8* %75, align 2 %77 = tail call i32 bitcast (i32 (%struct.in_device.731361*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.706989*, i32, i32, i8)*)(%struct.in_device.706989* nonnull %15, i32 %48, i32 %74, i8 zeroext %76) #69 %78 = icmp eq i32 %77, 0 %79 = and i32 %72, 2147483647 %80 = select i1 %78, i32 %79, i32 %72 %81 = icmp eq %struct.fib_info.706568* %8, null br i1 %81, label %212, label %82 %83 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 1 %84 = load i8, i8* %83, align 4 %85 = icmp ult i8 %84, 4 br i1 %85, label %212, label %86 %87 = zext i1 %78 to i32 %88 = zext i1 %78 to i8 %89 = load i32, i32* %47, align 4 br label %105 %106 = phi i32 [ %89, %86 ], [ %48, %99 ] %107 = phi i8 [ %88, %86 ], [ %104, %99 ] %108 = phi i32 [ %87, %86 ], [ %103, %99 ] %109 = phi i32 [ %80, %86 ], [ %64, %99 ] %110 = phi i16 [ 5, %86 ], [ %11, %99 ] %111 = phi i32* [ %71, %86 ], [ %60, %99 ] %112 = icmp eq i32 %108, 0 %113 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 6 %114 = load %struct.fib_nh_common.706567*, %struct.fib_nh_common.706567** %113, align 8 %115 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %114, i64 0, i32 12 %116 = bitcast %struct.fnhe_hash_bucket.706566** %115 to i64* %117 = load volatile i64, i64* %116, align 8 %118 = icmp eq i64 %117, 0 br i1 %118, label %154, label %119 %120 = inttoptr i64 %117 to %struct.fnhe_hash_bucket.706566* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %121)) #6 to label %126 [label %121], !srcloc !6 %127 = call i64 @siphash_1u32(i32 %106, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %128 = mul i64 %127, 7046029254386353131 %129 = lshr i64 %128, 53 %130 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %120, i64 %129, i32 0 %131 = bitcast %struct.fib_nh_exception.706565** %130 to i64* %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, 0 br i1 %133, label %154, label %134 %135 = phi i64 [ %152, %150 ], [ %132, %126 ] %136 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %137 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %136, i64 0, i32 2 %138 = load i32, i32* %137, align 4 %139 = icmp eq i32 %138, %106 br i1 %139, label %140, label %150 %141 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %142 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %141, i64 0, i32 6 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %154, label %145 %146 = load volatile i64, i64* @jiffies, align 64 %147 = sub i64 %143, %146 %148 = icmp slt i64 %147, 0 br i1 %148, label %149, label %154 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.706567* %114, i32 %106) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %5 = bitcast i64* %3 to i8* %6 = call zeroext i1 @__do_once_start(i8* nonnull @fnhe_hashfun.___done, i64* nonnull %3) #69 br i1 %6, label %7, label %8, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @fnhe_hashfun.fnhe_hash_key to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %0, i64 0, i32 2 %4 = load %struct.inode.245632*, %struct.inode.245632** %3, align 8 %5 = getelementptr %struct.inode.245632, %struct.inode.245632* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %8, i64 0, i32 87 %10 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %9, align 8 %11 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %10, i64 0, i32 21, i64 1 %12 = load %struct.pid.245407*, %struct.pid.245407** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.245407** %15 = load %struct.pid.245407*, %struct.pid.245407** %14, align 8 %16 = icmp eq %struct.pid.245407* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.245407* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.245212** %26 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.245448** %32 = load %struct.sock.245448*, %struct.sock.245448** %31, align 8 %33 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.245448* %32, %struct.sk_buff.245212* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 __skb_get_hash 4 get_xps_queue 5 netdev_pick_tx 6 netdev_core_pick_tx 7 __dev_queue_xmit 8 dev_queue_xmit 9 netlink_deliver_tap 10 netlink_sendskb 11 do_mq_notify 12 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %164 = and i64 %153, 1 %165 = icmp ne i64 %164, 0 %166 = icmp ugt i64 %153, 1 %167 = and i1 %166, %165 br i1 %167, label %168, label %187 %169 = and i64 %153, -2 %170 = inttoptr i64 %169 to %struct.dst_entry.653706* %171 = getelementptr inbounds %struct.dst_entry.653706, %struct.dst_entry.653706* %170, i64 0, i32 11, i32 0 %172 = load volatile i32, i32* %171, align 4 %173 = icmp eq i32 %172, 0 br i1 %173, label %184, label %174, !prof !8, !misexpect !5 %175 = phi i32 [ %182, %181 ], [ %172, %168 ] %176 = add i32 %175, 1 %177 = call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %171, i32 %176, i32* %171, i32 %175) #6, !srcloc !10 %178 = extractvalue { i8, i32 } %177, 0 %179 = and i8 %178, 1 %180 = icmp eq i8 %179, 0 br i1 %180, label %181, label %184, !prof !8, !misexpect !5 %182 = extractvalue { i8, i32 } %177, 1 %183 = icmp eq i32 %182, 0 br i1 %183, label %184, label %174, !prof !8, !misexpect !5 %185 = phi %struct.dst_entry.653706* [ null, %168 ], [ %170, %174 ], [ null, %181 ] %186 = ptrtoint %struct.dst_entry.653706* %185 to i64 store i64 %186, i64* %152, align 8 br label %187 %188 = call %struct.netdev_queue.653889* @netdev_core_pick_tx(%struct.net_device.653918* %10, %struct.sk_buff.653931* %0, %struct.net_device.653918* %1) #70 Function:netdev_core_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 26, i32 0 %5 = load i32, i32* %4, align 4 %6 = add i32 %5, -1 %7 = icmp ugt i32 %6, 63 br i1 %7, label %8, label %11 %9 = tail call i32 asm sideeffect "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @cpu_number) #6, !srcloc !4 %10 = add i32 %9, 1 store i32 %10, i32* %4, align 4 br label %11 %12 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 88 %13 = load i32, i32* %12, align 4 %14 = icmp eq i32 %13, 1 br i1 %14, label %40, label %15 %16 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %17 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %16, align 8 %18 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %17, i64 0, i32 6 %19 = load i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)*, i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)** %18, align 8 %20 = icmp eq i16 (%struct.net_device.653918*, %struct.sk_buff.653931*, %struct.net_device.653918*)* %19, null br i1 %20, label %23, label %21 %24 = tail call zeroext i16 @netdev_pick_tx(%struct.net_device.653918* %0, %struct.sk_buff.653931* %1, %struct.net_device.653918* %2) #70 Function:netdev_pick_tx %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 %6 = icmp eq %struct.sock.653713* %5, null br i1 %6, label %12, label %7 %13 = icmp eq %struct.net_device.653918* %2, null %14 = select i1 %13, %struct.net_device.653918* %0, %struct.net_device.653918* %2 br label %26 %27 = phi %struct.net_device.653918* [ %14, %12 ], [ %17, %22 ], [ %17, %15 ] %28 = phi i32 [ -1, %12 ], [ %11, %22 ], [ %11, %15 ] %29 = tail call fastcc i32 @get_xps_queue(%struct.net_device.653918* %0, %struct.net_device.653918* %27, %struct.sk_buff.653931* %1) #69 Function:get_xps_queue %4 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 1, i32 0 %5 = load %struct.sock.653713*, %struct.sock.653713** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_needed, i1 false, i8* blockaddress(@get_xps_queue, %6)) #6 to label %136 [label %6], !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* nonnull @xps_rxqs_needed, i1 false, i8* blockaddress(@get_xps_queue, %7)) #6 to label %74 [label %7], !srcloc !4 %8 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %1, i64 0, i32 95 %9 = bitcast %struct.xps_dev_maps** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.xps_dev_maps* %12 = icmp eq i64 %10, 0 %13 = icmp eq %struct.sock.653713* %5, null %14 = or i1 %13, %12 br i1 %14, label %74, label %15 %16 = getelementptr inbounds %struct.sock.653713, %struct.sock.653713* %5, i64 0, i32 0, i32 17 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, -1 %19 = zext i16 %17 to i32 br i1 %18, label %74, label %20 %21 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 73 %22 = load i32, i32* %21, align 8 %23 = icmp ugt i32 %22, %19 br i1 %23, label %24, label %74 %25 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 117 %26 = load i16, i16* %25, align 2 %27 = icmp eq i16 %26, 0 br i1 %27, label %39, label %28 %29 = sext i16 %26 to i32 %30 = mul nsw i32 %29, %19 %31 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 21 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 15 %34 = zext i32 %33 to i64 %35 = getelementptr %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 119, i64 %34 %36 = load i8, i8* %35, align 1 %37 = zext i8 %36 to i32 %38 = add nsw i32 %30, %37 br label %39 %40 = phi i32 [ %38, %28 ], [ %19, %24 ] %41 = zext i32 %40 to i64 %42 = getelementptr %struct.xps_dev_maps, %struct.xps_dev_maps* %11, i64 0, i32 1, i64 %41 %43 = bitcast %struct.xps_map** %42 to i64* %44 = load volatile i64, i64* %43, align 8 %45 = inttoptr i64 %44 to %struct.xps_map* %46 = icmp eq i64 %44, 0 br i1 %46, label %74, label %47 %48 = getelementptr inbounds %struct.xps_map, %struct.xps_map* %45, i64 0, i32 0 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 1 br i1 %50, label %66, label %51 %52 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %2, i64 0, i32 16 %53 = load i16, i16* %52, align 8 %54 = and i16 %53, 768 %55 = icmp eq i16 %54, 0 br i1 %55, label %56, label %58 tail call void bitcast (void (%struct.sk_buff.652209*)* @__skb_get_hash to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %2) #69 Function:__skb_get_hash %2 = alloca i64, align 8 %3 = alloca %struct.flow_keys, align 8 %4 = bitcast %struct.flow_keys* %3 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @__flow_hash_secret_init.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__skb_get_hash, %5)) #6 to label %10 [label %5], !srcloc !4 %6 = bitcast i64* %2 to i8* %7 = call zeroext i1 @__do_once_start(i8* nonnull @__flow_hash_secret_init.___done, i64* nonnull %2) #69 br i1 %7, label %8, label %9, !prof !5, !misexpect !6 call void @get_random_bytes(i8* bitcast (%struct.siphash_key_t* @hashrnd to i8*), i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 _get_random_bytes 2 get_random_bytes 3 generate_random_uuid 4 proc_do_uuid ------------- Path:  Function:proc_do_uuid %6 = alloca [16 x i8], align 16 %7 = alloca [37 x i8], align 16 %8 = alloca %struct.ctl_table, align 8 %9 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %10 = getelementptr inbounds [37 x i8], [37 x i8]* %7, i64 0, i64 0 %11 = bitcast %struct.ctl_table* %8 to i8* %12 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 1 store i8* %10, i8** %12, align 8 %13 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %8, i64 0, i32 2 store i32 36, i32* %13, align 8 %14 = icmp eq i32 %1, 0 br i1 %14, label %15, label %30 %16 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %17 = load i8*, i8** %16, align 8 %18 = icmp eq i8* %17, null br i1 %18, label %19, label %20 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @proc_do_uuid.bootid_spinlock, i64 0, i32 0, i32 0)) #69 %21 = getelementptr i8, i8* %17, i64 8 %22 = load i8, i8* %21, align 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %25 call void @generate_random_uuid(i8* nonnull %17) #69 Function:generate_random_uuid tail call void @get_random_bytes(i8* %0, i64 16) #69 Function:get_random_bytes tail call fastcc void @_get_random_bytes(i8* %0, i64 %1) #69 Function:_get_random_bytes %3 = alloca [16 x i32], align 16 %4 = alloca [64 x i8], align 16 %5 = bitcast [16 x i32]* %3 to i8* %6 = getelementptr inbounds [64 x i8], [64 x i8]* %4, i64 0, i64 0 %7 = icmp eq i64 %1, 0 br i1 %7, label %34, label %8 %9 = icmp ult i64 %1, 32 %10 = select i1 %9, i64 %1, i64 32 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %3, i64 0, i64 0 call fastcc void @crng_make_state(i32* nonnull %11, i8* %0, i64 %10) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %36 = icmp eq i32 %35, 0 br i1 %36, label %39, label %37, !prof !6, !misexpect !7 %40 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %35, !prof !6, !misexpect !7 %38 = call fastcc i64 @get_random_bytes_user(%struct.iov_iter* nonnull %2) #69 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 crng_make_state 1 get_random_bytes_user 2 urandom_read_iter ------------- Path:  Function:urandom_read_iter %3 = load i32, i32* @crng_init, align 4 %4 = icmp ugt i32 %3, 1 br i1 %4, label %28, label %5, !prof !4, !misexpect !5 %6 = load i32, i32* @ratelimit_disable, align 4 %7 = icmp eq i32 %6, 0 %8 = load i32, i32* @urandom_read_iter.maxwarn, align 4 %9 = icmp slt i32 %8, 1 %10 = and i1 %7, %9 br i1 %10, label %11, label %14 br i1 %7, label %15, label %20 %16 = tail call i32 @___ratelimit(%struct.ratelimit_state* nonnull @urandom_warning, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @__func__.urandom_read_iter, i64 0, i64 0)) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %28, label %18 %29 = tail call fastcc i64 @get_random_bytes_user(%struct.iov_iter* %1) #71 Function:get_random_bytes_user %2 = alloca [16 x i32], align 16 %3 = alloca [64 x i8], align 16 %4 = bitcast [16 x i32]* %2 to i8* %5 = getelementptr inbounds [64 x i8], [64 x i8]* %3, i64 0, i64 0 %6 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %0, i64 0, i32 2 %7 = load i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %51, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 0 %11 = getelementptr inbounds [16 x i32], [16 x i32]* %2, i64 0, i64 4 %12 = bitcast i32* %11 to i8* call fastcc void @crng_make_state(i32* nonnull %10, i8* %12, i64 32) #69 Function:crng_make_state %4 = alloca i64, align 8 %5 = alloca [32 x i8], align 16 %6 = alloca [64 x i8], align 16 %7 = icmp ugt i64 %2, 32 br i1 %7, label %8, label %9, !prof !4, !misexpect !5 %10 = load i32, i32* @crng_init, align 4 %11 = icmp ugt i32 %10, 1 br i1 %11, label %30, label %12, !prof !8, !misexpect !9 %13 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 3, i32 0, i32 0)) #69 %14 = load i32, i32* @crng_init, align 4 %15 = icmp ugt i32 %14, 1 br i1 %15, label %16, label %17, !prof !8, !misexpect !9 %18 = icmp eq i32 %14, 0 br i1 %18, label %19, label %20 tail call fastcc void @extract_entropy(i8* getelementptr inbounds (%struct.anon.98.348564, %struct.anon.98.348564* @base_crng, i64 0, i32 0, i64 0)) #70 ------------- Good: 1251 Bad: 24 Ignored: 2304 Check Use of Function:serial8250_pm Check Use of Function:serial8250_get_mctrl Check Use of Function:serial8250_verify_port Check Use of Function:kernel_setsockopt Check Use of Function:serial8250_request_port Check Use of Function:tty_name Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %130 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %130 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %130 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %130 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %1, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 n_tty_ioctl_helper 3 n_tty_ioctl ------------- Path:  Function:n_tty_ioctl %5 = getelementptr inbounds %struct.tty_struct.337069, %struct.tty_struct.337069* %0, i64 0, i32 36 %6 = bitcast i8** %5 to %struct.n_tty_data** %7 = load %struct.n_tty_data*, %struct.n_tty_data** %6, align 8 switch i32 %2, label %60 [ i32 21521, label %8 i32 21531, label %12 ] %61 = tail call i32 bitcast (i32 (%struct.tty_struct.337361*, %struct.file.337169*, i32, i64)* @n_tty_ioctl_helper to i32 (%struct.tty_struct.337069*, %struct.file.337007*, i32, i64)*)(%struct.tty_struct.337069* %0, %struct.file.337007* %1, i32 %2, i64 %3) #69 Function:n_tty_ioctl_helper switch i32 %2, label %102 [ i32 21514, label %5 i32 21515, label %43 ] %6 = tail call i32 bitcast (i32 (%struct.tty_struct.339591*)* @tty_check_change to i32 (%struct.tty_struct.337361*)*)(%struct.tty_struct.337361* %0) #69 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %0, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 tty_check_change 2 n_tty_write ------------- Path:  Function:n_tty_write %5 = alloca %struct.wait_queue_entry, align 8 %6 = bitcast %struct.wait_queue_entry* %5 to i8* %7 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %9 = tail call %struct.task_struct.336969* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.336969** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.336969**)) #10, !srcloc !4 %10 = bitcast i8** %8 to %struct.task_struct.336969** store %struct.task_struct.336969* %9, %struct.task_struct.336969** %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %11, align 8 %12 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %13 = getelementptr inbounds %struct.list_head, %struct.list_head* %12, i64 0, i32 0 store %struct.list_head* %12, %struct.list_head** %13, align 8 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %12, %struct.list_head** %14, align 8 %15 = getelementptr inbounds %struct.tty_struct.337069, %struct.tty_struct.337069* %0, i64 0, i32 15, i32 3 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 256 %18 = icmp eq i32 %17, 0 br i1 %18, label %30, label %19 %20 = getelementptr inbounds %struct.file.337007, %struct.file.337007* %1, i64 0, i32 3 %21 = load %struct.file_operations.336995*, %struct.file_operations.336995** %20, align 8 %22 = getelementptr inbounds %struct.file_operations.336995, %struct.file_operations.336995* %21, i64 0, i32 3 %23 = load i64 (%struct.file.337007*, i8*, i64, i64*)*, i64 (%struct.file.337007*, i8*, i64, i64*)** %22, align 8 %24 = icmp eq i64 (%struct.file.337007*, i8*, i64, i64*)* %23, bitcast (i64 (%struct.file.250940*, i8*, i64, i64*)* @redirected_tty_write to i64 (%struct.file.337007*, i8*, i64, i64*)*) br i1 %24, label %30, label %25 %26 = call i32 bitcast (i32 (%struct.tty_struct.339591*)* @tty_check_change to i32 (%struct.tty_struct.337069*)*)(%struct.tty_struct.337069* %0) #69 Function:tty_check_change %2 = tail call i32 @__tty_check_change(%struct.tty_struct.339591* %0, i32 22) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_check_change 1 n_tty_read ------------- Path:  Function:n_tty_read %5 = alloca i64, align 8 %6 = alloca i8*, align 8 %7 = alloca %struct.wait_queue_entry, align 8 store i64 %3, i64* %5, align 8 %8 = getelementptr inbounds %struct.tty_struct.337069, %struct.tty_struct.337069* %0, i64 0, i32 36 %9 = bitcast i8** %8 to %struct.n_tty_data** %10 = load %struct.n_tty_data*, %struct.n_tty_data** %9, align 8 %11 = bitcast i8** %6 to i8* store i8* %2, i8** %6, align 8 %12 = bitcast %struct.wait_queue_entry* %7 to i8* %13 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 0 store i32 0, i32* %13, align 8 %14 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 1 %15 = tail call %struct.task_struct.336969* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.336969** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.336969**)) #10, !srcloc !4 %16 = bitcast i8** %14 to %struct.task_struct.336969** store %struct.task_struct.336969* %15, %struct.task_struct.336969** %16, align 8 %17 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @woken_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %17, align 8 %18 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3 %19 = getelementptr inbounds %struct.list_head, %struct.list_head* %18, i64 0, i32 0 store %struct.list_head* %18, %struct.list_head** %19, align 8 %20 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %7, i64 0, i32 3, i32 1 store %struct.list_head* %18, %struct.list_head** %20, align 8 %21 = getelementptr inbounds %struct.file.337007, %struct.file.337007* %1, i64 0, i32 3 %22 = load %struct.file_operations.336995*, %struct.file_operations.336995** %21, align 8 %23 = getelementptr inbounds %struct.file_operations.336995, %struct.file_operations.336995* %22, i64 0, i32 3 %24 = load i64 (%struct.file.337007*, i8*, i64, i64*)*, i64 (%struct.file.337007*, i8*, i64, i64*)** %23, align 8 %25 = icmp eq i64 (%struct.file.337007*, i8*, i64, i64*)* %24, bitcast (i64 (%struct.file.250940*, i8*, i64, i64*)* @redirected_tty_write to i64 (%struct.file.337007*, i8*, i64, i64*)*) br i1 %25, label %31, label %26 %27 = call i32 bitcast (i32 (%struct.tty_struct.339591*, i32)* @__tty_check_change to i32 (%struct.tty_struct.337069*, i32)*)(%struct.tty_struct.337069* %0, i32 21) #69 Function:__tty_check_change %3 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 87 %5 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %6 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %5, i64 0, i32 24 %7 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %6, align 8 %8 = icmp eq %struct.tty_struct.339591* %7, %0 br i1 %8, label %9, label %50 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %10 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %4, align 8 %11 = getelementptr %struct.signal_struct.339597, %struct.signal_struct.339597* %10, i64 0, i32 21, i64 2 %12 = load %struct.pid.42861*, %struct.pid.42861** %11, align 8 %13 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 13, i32 0, i32 0 %14 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %13) #69 %15 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %0, i64 0, i32 19 %16 = load %struct.pid.42861*, %struct.pid.42861** %15, align 8 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %13, i64 %14) #69 %17 = icmp eq %struct.pid.42861* %16, null %18 = icmp eq %struct.pid.42861* %12, %16 %19 = or i1 %17, %18 br i1 %19, label %44, label %20 %21 = add i32 %1, -1 %22 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 89, i32 0, i64 0 %23 = load i64, i64* %22, align 8 %24 = zext i32 %21 to i64 %25 = shl nuw i64 1, %24 %26 = and i64 %23, %25 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %35 %29 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %3, i64 0, i32 88 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %29, align 32 %31 = sext i32 %21 to i64 %32 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 3, i64 %31, i32 0, i32 0 %33 = load void (i32)*, void (i32)** %32, align 8 %34 = icmp eq void (i32)* %33, inttoptr (i64 1 to void (i32)*) br i1 %34, label %35, label %38 %36 = icmp eq i32 %1, 21 %37 = select i1 %36, i32 -5, i32 0 br label %44 %45 = phi i32 [ -512, %41 ], [ 0, %9 ], [ %37, %35 ], [ -5, %38 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br i1 %17, label %46, label %50 %47 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 %48 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct.343708, %struct.tty_struct.343708* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct.343708, %struct.tty_struct.343708* %0, i64 0, i32 44 %26 = load %struct.tty_port.343701*, %struct.tty_port.343701** %25, align 8 tail call void bitcast (void (%struct.tty_port.338443*, %struct.tty_struct.338440*, %struct.file.338383*)* @tty_port_close to void (%struct.tty_port.343701*, %struct.tty_struct.343708*, %struct.file.343648*)*)(%struct.tty_port.343701* %26, %struct.tty_struct.343708* %0, %struct.file.343648* %1) #69 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.338443* %0, %struct.tty_struct.338440* %1, %struct.file.338383* %2) #69 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file.250940*)* @tty_hung_up_p to i32 (%struct.file.338383*)*)(%struct.file.338383* %2) #69 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %73 %7 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = getelementptr inbounds %struct.tty_struct.338440, %struct.tty_struct.338440* %1, i64 0, i32 22 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %15 = icmp eq i32 %13, 1 br i1 %15, label %21, label %16 %17 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.338440*)*)(%struct.tty_struct.338440* %1) #69 %18 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.338440*)*)(%struct.tty_struct.338440* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_close_start 1 tty_port_close 2 uart_close ------------- Path:  Function:uart_close %3 = getelementptr inbounds %struct.tty_struct.343708, %struct.tty_struct.343708* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = icmp eq %struct.uart_state* %5, null br i1 %6, label %7, label %24 %25 = getelementptr inbounds %struct.tty_struct.343708, %struct.tty_struct.343708* %0, i64 0, i32 44 %26 = load %struct.tty_port.343701*, %struct.tty_port.343701** %25, align 8 tail call void bitcast (void (%struct.tty_port.338443*, %struct.tty_struct.338440*, %struct.file.338383*)* @tty_port_close to void (%struct.tty_port.343701*, %struct.tty_struct.343708*, %struct.file.343648*)*)(%struct.tty_port.343701* %26, %struct.tty_struct.343708* %0, %struct.file.343648* %1) #69 Function:tty_port_close %4 = tail call i32 @tty_port_close_start(%struct.tty_port.338443* %0, %struct.tty_struct.338440* %1, %struct.file.338383* %2) #69 Function:tty_port_close_start %4 = tail call i32 bitcast (i32 (%struct.file.250940*)* @tty_hung_up_p to i32 (%struct.file.338383*)*)(%struct.file.338383* %2) #69 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %73 %7 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 5, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = getelementptr inbounds %struct.tty_struct.338440, %struct.tty_struct.338440* %1, i64 0, i32 22 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 1 %12 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 br i1 %11, label %14, label %23 %24 = add i32 %13, -1 %25 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 7 store i32 %24, i32* %25, align 8 %26 = icmp slt i32 %24, 0 br i1 %26, label %27, label %32 %28 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_driver_name to i8* (%struct.tty_struct.338440*)*)(%struct.tty_struct.338440* %1) #69 %29 = tail call i8* bitcast (i8* (%struct.tty_struct.251245*)* @tty_name to i8* (%struct.tty_struct.338440*)*)(%struct.tty_struct.338440* %1) #69 ------------- Good: 22 Bad: 9 Ignored: 39 Check Use of Function:vt_do_kbkeycode_ioctl Check Use of Function:__tty_hangup Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl 4 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_vhangup_session 1 disassociate_ctty 2 tty_jobctrl_ioctl 3 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 ------------- Good: 4 Bad: 4 Ignored: 18 Check Use of Function:rtc_set_time Check Use of Function:cpus_read_lock Use: =BAD PATH= Call Stack: 0 kmem_cache_shrink_all 1 shrink_store ------------- Path:  Function:shrink_store %4 = load i8, i8* %1, align 1 %5 = icmp eq i8 %4, 49 br i1 %5, label %6, label %7 tail call void @kmem_cache_shrink_all(%struct.kmem_cache* %0) #69 Function:kmem_cache_shrink_all tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %87, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %87 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %63 i32 16, label %66 i32 32, label %75 i32 64, label %78 ] %76 = tail call fastcc i32 @membarrier_private_expedited(i32 1) #69 Function:membarrier_private_expedited %2 = alloca [1 x %struct.cpumask], align 8 %3 = bitcast [1 x %struct.cpumask]* %2 to i8* %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %4, i64 0, i32 33 %6 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %5, align 8 %7 = and i32 %0, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.mm_struct.54212, %struct.mm_struct.54212* %6, i64 0, i32 0, i32 11, i32 0 %10 = load volatile i32, i32* %9, align 4 br i1 %8, label %14, label %11 %12 = and i32 %10, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %57, label %17 %18 = phi void (i8*)* [ @ipi_mb, %14 ], [ @ipi_sync_core, %11 ] %19 = getelementptr inbounds %struct.mm_struct.54212, %struct.mm_struct.54212* %6, i64 0, i32 0, i32 12, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 1 br i1 %21, label %57, label %22 %23 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %24 = icmp eq i32 %23, 1 br i1 %24, label %57, label %25 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %26, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 membarrier_private_expedited 1 __se_sys_membarrier 2 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %87, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %87 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %63 i32 16, label %66 i32 32, label %75 i32 64, label %78 ] %76 = tail call fastcc i32 @membarrier_private_expedited(i32 1) #69 Function:membarrier_private_expedited %2 = alloca [1 x %struct.cpumask], align 8 %3 = bitcast [1 x %struct.cpumask]* %2 to i8* %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %4, i64 0, i32 33 %6 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %5, align 8 %7 = and i32 %0, 1 %8 = icmp eq i32 %7, 0 %9 = getelementptr inbounds %struct.mm_struct.54212, %struct.mm_struct.54212* %6, i64 0, i32 0, i32 11, i32 0 %10 = load volatile i32, i32* %9, align 4 br i1 %8, label %14, label %11 %12 = and i32 %10, 16 %13 = icmp eq i32 %12, 0 br i1 %13, label %57, label %17 %18 = phi void (i8*)* [ @ipi_mb, %14 ], [ @ipi_sync_core, %11 ] %19 = getelementptr inbounds %struct.mm_struct.54212, %struct.mm_struct.54212* %6, i64 0, i32 0, i32 12, i32 0 %20 = load volatile i32, i32* %19, align 4 %21 = icmp eq i32 %20, 1 br i1 %21, label %57, label %22 %23 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %24 = icmp eq i32 %23, 1 br i1 %24, label %57, label %25 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %26, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __ia32_sys_membarrier ------------- Path:  Function:__ia32_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_membarrier(i64 %4, i64 %7) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %87, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %87 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %63 i32 16, label %66 i32 32, label %75 i32 64, label %78 ] %14 = bitcast [1 x %struct.cpumask]* %3 to i8* %15 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %53, label %17 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_membarrier 1 __x64_sys_membarrier ------------- Path:  Function:__x64_sys_membarrier %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_membarrier(i64 %3, i64 %5) #69 Function:__se_sys_membarrier %3 = alloca [1 x %struct.cpumask], align 8 %4 = trunc i64 %1 to i32 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %87, !prof !4, !misexpect !5 %7 = trunc i64 %0 to i32 switch i32 %7, label %87 [ i32 0, label %8 i32 1, label %9 i32 2, label %13 i32 4, label %54 i32 8, label %63 i32 16, label %66 i32 32, label %75 i32 64, label %78 ] %14 = bitcast [1 x %struct.cpumask]* %3 to i8* %15 = load volatile i32, i32* getelementptr inbounds (%struct.kuid_t, %struct.kuid_t* @__num_online_cpus, i64 0, i32 0), align 4 %16 = icmp eq i32 %15, 1 br i1 %16, label %53, label %17 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %18 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %3, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %18, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_pool_ids_show ------------- Path:  Function:wq_pool_ids_show %4 = getelementptr %struct.device.49425, %struct.device.49425* %0, i64 -1, i32 37 %5 = bitcast i8* %4 to %struct.workqueue_struct** %6 = load %struct.workqueue_struct*, %struct.workqueue_struct** %5, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_nice_store ------------- Path:  Function:wq_nice_store %5 = getelementptr %struct.device.49425, %struct.device.49425* %0, i64 -1, i32 37 %6 = bitcast i8* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_cpumask_store ------------- Path:  Function:wq_cpumask_store %5 = getelementptr %struct.device.49425, %struct.device.49425* %0, i64 -1, i32 37 %6 = bitcast i8* %5 to %struct.workqueue_struct** %7 = load %struct.workqueue_struct*, %struct.workqueue_struct** %6, align 8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 wq_numa_store ------------- Path:  Function:wq_numa_store %5 = alloca i32, align 4 %6 = getelementptr %struct.device.49425, %struct.device.49425* %0, i64 -1, i32 37 %7 = bitcast i8* %6 to %struct.workqueue_struct** %8 = load %struct.workqueue_struct*, %struct.workqueue_struct** %7, align 8 %9 = bitcast i32* %5 to i8* tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 workqueue_set_unbound_cpumask 1 wq_unbound_cpumask_store ------------- Path:  Function:wq_unbound_cpumask_store %5 = alloca [1 x %struct.cpumask], align 8 %6 = bitcast [1 x %struct.cpumask]* %5 to i8* %7 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %7, align 8 %8 = tail call i8* @strchrnul(i8* %2, i32 10) #69 %9 = ptrtoint i8* %8 to i64 %10 = ptrtoint i8* %2 to i64 %11 = sub i64 %9, %10 %12 = trunc i64 %11 to i32 %13 = call i32 @__bitmap_parse(i8* %2, i32 %12, i32 0, i64* nonnull %7, i32 64) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %5, i64 0, i64 0 %17 = call i32 @workqueue_set_unbound_cpumask(%struct.cpumask* nonnull %16) #70 Function:workqueue_set_unbound_cpumask %2 = alloca %struct.list_head, align 8 %3 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %0, i64 0, i32 0, i64 0 %4 = load i64, i64* %3, align 8 %5 = load i64, i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_possible_mask, i64 0, i32 0, i64 0), align 8 %6 = and i64 %5, %4 store i64 %6, i64* %3, align 8 %7 = icmp eq i64 %6, 0 br i1 %7, label %70, label %8 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 set_sysctl_tfa ------------- Path:  Function:set_sysctl_tfa %5 = alloca i8, align 1 %6 = call i32 @kstrtobool(i8* %2, i8* nonnull %5) #69 %7 = icmp eq i32 %6, 0 br i1 %7, label %10, label %8 %11 = load i8, i8* %5, align 1, !range !4 %12 = load i8, i8* @allow_tsx_force_abort, align 1, !range !4 %13 = icmp eq i8 %11, %12 br i1 %13, label %15, label %14 store i8 %11, i8* @allow_tsx_force_abort, align 1 call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 mtrr_del_page 1 mtrr_del 2 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %13, label %10 %14 = lshr i64 %1, 12 %15 = lshr i64 %2, 12 %16 = tail call i32 @mtrr_del_page(i32 %0, i64 %14, i64 %15) #70 Function:mtrr_del_page %4 = alloca %struct.set_mtrr_data, align 8 %5 = alloca i8, align 1 %6 = alloca i64, align 8 %7 = alloca i64, align 8 %8 = bitcast i64* %6 to i8* %9 = bitcast i64* %7 to i8* %10 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %65, label %12 %13 = load i32, i32* @num_var_ranges, align 4 tail call void @cpus_read_lock() #69 ------------- Use: =BAD PATH= Call Stack: 0 reload_store ------------- Path:  Function:reload_store %5 = alloca i64, align 8 %6 = load i16, i16* getelementptr inbounds (%struct.cpuinfo_x86, %struct.cpuinfo_x86* @boot_cpu_data, i64 0, i32 30), align 4 %7 = zext i16 %6 to i32 %8 = bitcast i64* %5 to i8* %9 = call i32 @kstrtoull(i8* %2, i32 0, i64* nonnull %5) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = load i64, i64* %5, align 8 %15 = icmp eq i64 %14, 1 br i1 %15, label %16, label %53 call void @cpus_read_lock() #69 ------------- Good: 468 Bad: 13 Ignored: 316 Check Use of Function:cpus_read_unlock Check Use of Function:security_msg_queue_associate Use: =BAD PATH= Call Stack: 0 ksys_msgget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %72 = tail call i64 @ksys_msgget(i32 %1, i32 %2) #69 Function:ksys_msgget %3 = alloca %struct.ipc_params, align 8 %4 = bitcast %struct.ipc_params* %3 to i8* %5 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %5, i64 0, i32 86 %7 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %6, align 16 %8 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %7, i64 0, i32 2 %9 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %8, align 8 %10 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 0 store i32 %0, i32* %10, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %3, i64 0, i32 1 store i32 %1, i32* %11, align 4 %12 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %9, i64 0, i32 1, i64 1 %13 = call i32 @ipcget(%struct.ipc_namespace.243034* %9, %struct.ipc_ids* %12, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_msgget ------------- Path:  Function:__x64_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace.243034* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_msgget ------------- Path:  Function:__ia32_sys_msgget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = trunc i64 %6 to i32 %9 = bitcast %struct.ipc_params* %2 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %7, i32* %15, align 8 %16 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %8, i32* %16, align 4 %17 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %14, i64 0, i32 1, i64 1 %18 = call i32 @ipcget(%struct.ipc_namespace.243034* %14, %struct.ipc_ids* %17, %struct.ipc_ops* nonnull @ksys_msgget.msg_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:security_msg_queue_msgsnd Check Use of Function:tcp_send_window_probe Check Use of Function:scsi_init_command Check Use of Function:ipc_rcu_putref Check Use of Function:to_compat_ipc64_perm Check Use of Function:sk_stream_write_space Check Use of Function:to_compat_ipc_perm Check Use of Function:security_sem_semop Check Use of Function:perform_atomic_semop Check Use of Function:sem_lock Check Use of Function:do_smart_update Check Use of Function:send_signal Use: =BAD PATH= Call Stack: 0 force_sig_info_to_task 1 force_sig 2 signal_fault 3 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %58 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 5 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %67 %68 = tail call fastcc i32 @send_signal(i32 %4, %struct.kernel_siginfo* %0, %struct.task_struct.43108* %1, i32 0) #70 ------------- Use: =BAD PATH= Call Stack: 0 force_sig_info_to_task 1 force_sig 2 signal_fault 3 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %58 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 5 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %67 %68 = tail call fastcc i32 @send_signal(i32 %4, %struct.kernel_siginfo* %0, %struct.task_struct.43108* %1, i32 0) #70 ------------- Use: =BAD PATH= Call Stack: 0 force_sig_info_to_task 1 force_sig 2 signal_fault 3 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %58 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 5 %59 = load i32, i32* %58, align 8 %60 = icmp eq i32 %59, 0 br i1 %60, label %61, label %67 %68 = tail call fastcc i32 @send_signal(i32 %4, %struct.kernel_siginfo* %0, %struct.task_struct.43108* %1, i32 0) #70 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr ------------- Path:  Function:nfs_setattr %3 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %0, i64 0, i32 5 %4 = load %struct.inode.197661*, %struct.inode.197661** %3, align 8 %5 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %4, i64 0, i32 8 %6 = load %struct.super_block.197647*, %struct.super_block.197647** %5, align 8 %7 = getelementptr inbounds %struct.super_block.197647, %struct.super_block.197647* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.197784** %9 = load %struct.nfs_server.197784*, %struct.nfs_server.197784** %8, align 32 %10 = getelementptr inbounds %struct.nfs_server.197784, %struct.nfs_server.197784* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.iattr.197653, %struct.iattr.197653* %1, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 6144 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = phi i32 [ %14, %2 ], [ %18, %17 ] %21 = and i32 %20, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %42, label %23 %24 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %4, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %29, label %28, !prof !5, !misexpect !6 %30 = getelementptr inbounds %struct.iattr.197653, %struct.iattr.197653* %1, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = tail call i32 bitcast (i32 (%struct.inode.137152*, i64)* @inode_newsize_ok to i32 (%struct.inode.197661*, i64)*)(%struct.inode.197661* %4, i64 %31) #69 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %29, label %4 %5 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %21 %9 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %10 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %9, i64 0, i32 87 %11 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %10, align 8 %12 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %11, i64 0, i32 49, i64 1, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %27, label %15 %28 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %9, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 inode_newsize_ok 2 nfs_setattr 3 nfs_namespace_setattr ------------- Path:  Function:nfs_namespace_setattr %3 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %4 = load %struct.inode.195275*, %struct.inode.195275** %3, align 8 %5 = getelementptr %struct.inode.195275, %struct.inode.195275* %4, i64 -1, i32 15, i32 1 %6 = getelementptr inbounds i64, i64* %5, i64 1 %7 = bitcast i64* %6 to i16* %8 = load i16, i16* %7, align 2 %9 = icmp eq i16 %8, 0 br i1 %9, label %12, label %10 %11 = tail call i32 bitcast (i32 (%struct.dentry.197651*, %struct.iattr.197653*)* @nfs_setattr to i32 (%struct.dentry.195278*, %struct.iattr.194676*)*)(%struct.dentry.195278* %0, %struct.iattr.194676* %1) #69 Function:nfs_setattr %3 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %0, i64 0, i32 5 %4 = load %struct.inode.197661*, %struct.inode.197661** %3, align 8 %5 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %4, i64 0, i32 8 %6 = load %struct.super_block.197647*, %struct.super_block.197647** %5, align 8 %7 = getelementptr inbounds %struct.super_block.197647, %struct.super_block.197647* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.197784** %9 = load %struct.nfs_server.197784*, %struct.nfs_server.197784** %8, align 32 %10 = getelementptr inbounds %struct.nfs_server.197784, %struct.nfs_server.197784* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 13 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.iattr.197653, %struct.iattr.197653* %1, i64 0, i32 0 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 6144 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = phi i32 [ %14, %2 ], [ %18, %17 ] %21 = and i32 %20, 8 %22 = icmp eq i32 %21, 0 br i1 %22, label %42, label %23 %24 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %4, i64 0, i32 0 %25 = load i16, i16* %24, align 8 %26 = and i16 %25, -4096 %27 = icmp eq i16 %26, -32768 br i1 %27, label %29, label %28, !prof !5, !misexpect !6 %30 = getelementptr inbounds %struct.iattr.197653, %struct.iattr.197653* %1, i64 0, i32 4 %31 = load i64, i64* %30, align 8 %32 = tail call i32 bitcast (i32 (%struct.inode.137152*, i64)* @inode_newsize_ok to i32 (%struct.inode.197661*, i64)*)(%struct.inode.197661* %4, i64 %31) #69 Function:inode_newsize_ok %3 = icmp slt i64 %1, 0 br i1 %3, label %29, label %4 %5 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %0, i64 0, i32 14 %6 = load i64, i64* %5, align 8 %7 = icmp slt i64 %6, %1 br i1 %7, label %8, label %21 %9 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %10 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %9, i64 0, i32 87 %11 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %10, align 8 %12 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %11, i64 0, i32 49, i64 1, i32 0 %13 = load volatile i64, i64* %12, align 8 %14 = icmp ult i64 %13, %1 br i1 %14, label %27, label %15 %28 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %9, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 io_uring_flush ------------- Path:  Function:io_uring_flush %3 = getelementptr inbounds %struct.file.152533, %struct.file.152533* %0, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.io_ring_ctx** %5 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %4, align 8 %6 = tail call %struct.task_struct.152473* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.152473** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.152473**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.152473, %struct.task_struct.152473* %6, i64 0, i32 0, i32 0 %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 4 %10 = icmp eq i64 %9, 0 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.task_struct.152473, %struct.task_struct.152473* %6, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %63, label %21 %22 = bitcast i8* %1 to %struct.files_struct.152043* %23 = getelementptr inbounds %struct.io_ring_ctx, %struct.io_ring_ctx* %5, i64 0, i32 22 %24 = bitcast %struct.list_head* %23 to i64* %25 = load volatile i64, i64* %24, align 8 %26 = inttoptr i64 %25 to %struct.list_head* %27 = icmp eq %struct.list_head* %23, %26 br i1 %27, label %63, label %28 %29 = getelementptr inbounds %struct.io_ring_ctx, %struct.io_ring_ctx* %5, i64 0, i32 23 %30 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %29, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %30) #69 %31 = bitcast %struct.list_head* %23 to i8** %32 = load i8*, i8** %31, align 8 %33 = bitcast i8* %32 to %struct.list_head* %34 = icmp eq %struct.list_head* %23, %33 br i1 %34, label %61, label %35 %36 = icmp eq i8* %1, null br label %37 %38 = phi i8* [ %32, %35 ], [ %58, %56 ] br i1 %36, label %44, label %39 %40 = getelementptr i8, i8* %38, i64 -56 %41 = bitcast i8* %40 to %struct.files_struct.152043** %42 = load %struct.files_struct.152043*, %struct.files_struct.152043** %41, align 8 %43 = icmp eq %struct.files_struct.152043* %42, %22 br i1 %43, label %44, label %56 %45 = getelementptr i8, i8* %38, i64 -88 %46 = bitcast i8* %45 to i32* %47 = load i32, i32* %46, align 8 %48 = or i32 %47, 16384 %49 = tail call i32 asm sideeffect "xchgl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %46, i32 %48, i32* %46) #6, !srcloc !5 %50 = getelementptr i8, i8* %38, i64 -8 %51 = bitcast i8* %50 to %struct.task_struct.152473** %52 = load %struct.task_struct.152473*, %struct.task_struct.152473** %51, align 8 %53 = icmp eq %struct.task_struct.152473* %52, null br i1 %53, label %56, label %54 %55 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.152473*, i32)*)(i32 2, %struct.task_struct.152473* nonnull %52, i32 1) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 generic_write_checks 2 nfs_file_direct_write 3 nfs_file_write ------------- Path:  Function:nfs_file_write %3 = getelementptr inbounds %struct.kiocb.195473, %struct.kiocb.195473* %0, i64 0, i32 0 %4 = load %struct.file.196086*, %struct.file.196086** %3, align 8 %5 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %4, i64 0, i32 2 %6 = load %struct.inode.196077*, %struct.inode.196077** %5, align 8 %7 = tail call i32 bitcast (i32 (%struct.file.195283*, %struct.inode.195275*)* @nfs_key_timeout_notify to i32 (%struct.file.196086*, %struct.inode.196077*)*)(%struct.file.196086* %4, %struct.inode.196077* %6) #69 %8 = icmp eq i32 %7, 0 br i1 %8, label %11, label %9 %12 = getelementptr inbounds %struct.kiocb.195473, %struct.kiocb.195473* %0, i64 0, i32 4 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i64 bitcast (i64 (%struct.kiocb.199371*, %struct.iov_iter*, i1)* @nfs_file_direct_write to i64 (%struct.kiocb.195473*, %struct.iov_iter*, i1)*)(%struct.kiocb.195473* %0, %struct.iov_iter* %1, i1 zeroext false) #69 Function:nfs_file_direct_write %4 = getelementptr inbounds %struct.kiocb.199371, %struct.kiocb.199371* %0, i64 0, i32 0 %5 = load %struct.file.199906*, %struct.file.199906** %4, align 8 %6 = getelementptr inbounds %struct.file.199906, %struct.file.199906* %5, i64 0, i32 19 %7 = load %struct.address_space.199376*, %struct.address_space.199376** %6, align 8 %8 = getelementptr inbounds %struct.address_space.199376, %struct.address_space.199376* %7, i64 0, i32 0 %9 = load %struct.inode.199897*, %struct.inode.199897** %8, align 8 br i1 %2, label %10, label %13 %14 = tail call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @generic_write_checks to i64 (%struct.kiocb.199371*, %struct.iov_iter*)*)(%struct.kiocb.199371* %0, %struct.iov_iter* %1) #69 Function:generic_write_checks %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 256 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %68 %14 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %15 = load i64, i64* %14, align 8 %16 = icmp eq i64 %15, 0 br i1 %16, label %68, label %17 %18 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 4 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 2 %21 = icmp eq i32 %20, 0 br i1 %21, label %26, label %22 %27 = and i32 %19, 132 %28 = icmp eq i32 %27, 128 br i1 %28, label %68, label %29 %30 = load i64, i64* %14, align 8 %31 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %34 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %33, i64 0, i32 0 %35 = load %struct.inode.108461*, %struct.inode.108461** %34, align 8 %36 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %35, i64 0, i32 8 %37 = load %struct.super_block.108444*, %struct.super_block.108444** %36, align 8 %38 = getelementptr inbounds %struct.super_block.108444, %struct.super_block.108444* %37, i64 0, i32 4 %39 = load i64, i64* %38, align 32 %40 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %41 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %40, i64 0, i32 87 %42 = load %struct.signal_struct.108377*, %struct.signal_struct.108377** %41, align 8 %43 = getelementptr %struct.signal_struct.108377, %struct.signal_struct.108377* %42, i64 0, i32 49, i64 1, i32 0 %44 = load volatile i64, i64* %43, align 8 %45 = icmp eq i64 %44, -1 br i1 %45, label %54, label %46 %47 = icmp sgt i64 %44, %32 br i1 %47, label %50, label %48 %49 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.108433*, i32)*)(i32 25, %struct.task_struct.108433* %40, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr ------------- Path:  Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 sockfs_setattr ------------- Path:  Function:sockfs_setattr %3 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.251145*, %struct.iattr.251147*)*)(%struct.dentry.251145* %0, %struct.iattr.251147* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 simple_setattr 3 notify_change 4 file_remove_privs 5 __generic_file_write_iter 6 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.134289*, i32)* @inode_permission to i32 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %247 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 %59 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 0 br i1 %58, label %60, label %62 %63 = load i64, i64* %59, align 8 %64 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 1 %65 = load i64, i64* %64, align 8 %66 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %63, i64 %65, %struct.inode.137152* %5) #69 %67 = extractvalue { i64, i64 } %66, 0 %68 = extractvalue { i64, i64 } %66, 1 store i64 %67, i64* %59, align 8 store i64 %68, i64* %64, align 8 br label %69 %70 = and i32 %9, 256 %71 = icmp eq i32 %70, 0 %72 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 0 br i1 %71, label %73, label %75 %76 = load i64, i64* %72, align 8 %77 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 1 %78 = load i64, i64* %77, align 8 %79 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %76, i64 %78, %struct.inode.137152* %5) #69 %80 = extractvalue { i64, i64 } %79, 0 %81 = extractvalue { i64, i64 } %79, 1 store i64 %80, i64* %72, align 8 store i64 %81, i64* %77, align 8 br label %82 %83 = and i32 %9, 16384 %84 = icmp eq i32 %83, 0 br i1 %84, label %94, label %85 %95 = phi i32 [ %36, %82 ], [ %36, %88 ], [ %93, %90 ] %96 = phi i32 [ %9, %82 ], [ %9, %88 ], [ %92, %90 ] %97 = and i32 %96, 6144 %98 = icmp eq i32 %97, 0 %99 = icmp eq i32 %95, 0 %100 = or i1 %98, %99 br i1 %100, label %102, label %101 %103 = and i32 %96, 2048 %104 = icmp eq i32 %103, 0 %105 = and i16 %7, 2048 %106 = icmp eq i16 %105, 0 %107 = or i1 %106, %104 br i1 %107, label %114, label %108 %115 = phi i32 [ %110, %108 ], [ %96, %102 ] %116 = and i32 %115, 4096 %117 = icmp ne i32 %116, 0 %118 = and i16 %7, 1032 %119 = icmp eq i16 %118, 1032 %120 = and i1 %119, %117 br i1 %120, label %121, label %137 %138 = phi i32 [ %134, %132 ], [ %115, %114 ] %139 = load i32, i32* %8, align 8 %140 = and i32 %139, -6145 %141 = icmp eq i32 %140, 0 br i1 %141, label %247, label %142 %143 = and i32 %138, 2 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %146 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %147 = load i32, i32* %146, align 8 %148 = icmp eq i32 %147, -1 br i1 %148, label %247, label %149 %150 = and i32 %138, 4 %151 = icmp eq i32 %150, 0 br i1 %151, label %156, label %152 %153 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %154, -1 br i1 %155, label %247, label %156 br i1 %144, label %157, label %161 %158 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 2, i32 0 %159 = load i32, i32* %158, align 4 %160 = icmp eq i32 %159, -1 br i1 %160, label %247, label %161 br i1 %151, label %162, label %166 %163 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 3, i32 0 %164 = load i32, i32* %163, align 8 %165 = icmp eq i32 %164, -1 br i1 %165, label %247, label %166 %167 = tail call i32 bitcast (i32 (%struct.dentry.112781*, %struct.iattr.112338*)* @security_inode_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %247 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 40 %171 = load %struct.file_lock_context*, %struct.file_lock_context** %170, align 8 %172 = icmp eq %struct.file_lock_context* %171, null br i1 %172, label %190, label %173 %191 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 7 %192 = load %struct.inode_operations.137148*, %struct.inode_operations.137148** %191, align 8 %193 = getelementptr inbounds %struct.inode_operations.137148, %struct.inode_operations.137148* %192, i64 0, i32 13 %194 = bitcast {}** %193 to i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %195 = load i32 (%struct.dentry.137143*, %struct.iattr.137257*)*, i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %194, align 8 %196 = icmp eq i32 (%struct.dentry.137143*, %struct.iattr.137257*)* %195, null br i1 %196, label %199, label %197 %200 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 setattr_prepare 2 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %18 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %18, i64 0, i32 87 %20 = load %struct.signal_struct.137206*, %struct.signal_struct.137206** %19, align 8 %21 = getelementptr %struct.signal_struct.137206, %struct.signal_struct.137206* %20, i64 0, i32 49, i64 1, i32 0 %22 = load volatile i64, i64* %21, align 8 %23 = icmp ult i64 %22, %11 br i1 %23, label %35, label %24 %36 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.137256*, i32)*)(i32 25, %struct.task_struct.137256* %18, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 generic_copy_file_checks 2 vfs_copy_file_range 3 __se_sys_copy_file_range 4 __ia32_sys_copy_file_range ------------- Path:  Function:__ia32_sys_copy_file_range %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_copy_file_range(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_copy_file_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %5 to i32 %11 = bitcast i64* %7 to i8* %12 = bitcast i64* %8 to i8* %13 = tail call i64 @__fdget(i32 %9) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.96774* %16 = icmp eq i64 %14, 0 br i1 %16, label %80, label %17 %18 = trunc i64 %2 to i32 %19 = tail call i64 @__fdget(i32 %18) #69 %20 = and i64 %19, -4 %21 = inttoptr i64 %20 to %struct.file.96774* %22 = icmp eq i64 %20, 0 br i1 %22, label %75, label %23 %24 = icmp eq i64 %1, 0 br i1 %24, label %29, label %25 %30 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %15, i64 0, i32 10 %31 = load i64, i64* %30, align 8 store i64 %31, i64* %7, align 8 br label %32 %33 = icmp eq i64 %3, 0 br i1 %33, label %40, label %34 %41 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %21, i64 0, i32 10 %42 = load i64, i64* %41, align 8 store i64 %42, i64* %8, align 8 br label %43 %44 = phi i64 [ %39, %38 ], [ %42, %40 ] %45 = load i64, i64* %7, align 8 %46 = call i64 @vfs_copy_file_range(%struct.file.96774* nonnull %15, i64 %45, %struct.file.96774* nonnull %21, i64 %44, i64 %4, i32 %10) #69 Function:vfs_copy_file_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 store i64 %4, i64* %9, align 8 %10 = icmp eq i32 %5, 0 br i1 %10, label %11, label %242 %12 = call i32 bitcast (i32 (%struct.file.108469*, i64, %struct.file.108469*, i64, i64*, i32)* @generic_copy_file_checks to i32 (%struct.file.96774*, i64, %struct.file.96774*, i64, i64*, i32)*)(%struct.file.96774* %0, i64 %1, %struct.file.96774* %2, i64 %3, i64* nonnull %9, i32 0) #69 Function:generic_copy_file_checks %7 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 2 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 2 %10 = load %struct.inode.108461*, %struct.inode.108461** %9, align 8 %11 = load i64, i64* %4, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 0 %13 = load i16, i16* %12, align 8 %14 = and i16 %13, -4096 %15 = icmp eq i16 %14, 16384 br i1 %15, label %105, label %16 %17 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %10, i64 0, i32 0 %18 = load i16, i16* %17, align 8 %19 = and i16 %18, -4096 %20 = icmp eq i16 %19, 16384 br i1 %20, label %105, label %21 %22 = icmp eq i16 %14, -32768 %23 = icmp eq i16 %19, -32768 %24 = and i1 %22, %23 br i1 %24, label %25, label %105 %26 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 1 %29 = icmp eq i32 %28, 0 br i1 %29, label %105, label %30 %31 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 8 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 2 %34 = icmp eq i32 %33, 0 br i1 %34, label %105, label %35 %36 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 1024 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %105 %41 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %10, i64 0, i32 4 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 8 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %105 %46 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 4 %47 = load i32, i32* %46, align 4 %48 = or i32 %47, %42 %49 = and i32 %48, 256 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %105 %52 = xor i64 %1, -1 %53 = icmp ugt i64 %11, %52 %54 = xor i64 %3, -1 %55 = icmp ugt i64 %11, %54 %56 = or i1 %53, %55 br i1 %56, label %105, label %57 %58 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %59 = load i64, i64* %58, align 8 %60 = icmp sgt i64 %59, %1 %61 = sub i64 %59, %1 %62 = icmp ult i64 %11, %61 %63 = select i1 %62, i64 %11, i64 %61 %64 = select i1 %60, i64 %63, i64 0 %65 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 19 %66 = load %struct.address_space.108233*, %struct.address_space.108233** %65, align 8 %67 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %66, i64 0, i32 0 %68 = load %struct.inode.108461*, %struct.inode.108461** %67, align 8 %69 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %68, i64 0, i32 8 %70 = load %struct.super_block.108444*, %struct.super_block.108444** %69, align 8 %71 = getelementptr inbounds %struct.super_block.108444, %struct.super_block.108444* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %73, i64 0, i32 87 %75 = load %struct.signal_struct.108377*, %struct.signal_struct.108377** %74, align 8 %76 = getelementptr %struct.signal_struct.108377, %struct.signal_struct.108377* %75, i64 0, i32 49, i64 1, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = icmp eq i64 %77, -1 br i1 %78, label %87, label %79 %80 = icmp sgt i64 %77, %3 br i1 %80, label %83, label %81 %82 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.108433*, i32)*)(i32 25, %struct.task_struct.108433* %73, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 send_sig 1 generic_copy_file_checks 2 vfs_copy_file_range 3 __se_sys_copy_file_range 4 __x64_sys_copy_file_range ------------- Path:  Function:__x64_sys_copy_file_range %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_copy_file_range(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_copy_file_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %5 to i32 %11 = bitcast i64* %7 to i8* %12 = bitcast i64* %8 to i8* %13 = tail call i64 @__fdget(i32 %9) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.96774* %16 = icmp eq i64 %14, 0 br i1 %16, label %80, label %17 %18 = trunc i64 %2 to i32 %19 = tail call i64 @__fdget(i32 %18) #69 %20 = and i64 %19, -4 %21 = inttoptr i64 %20 to %struct.file.96774* %22 = icmp eq i64 %20, 0 br i1 %22, label %75, label %23 %24 = icmp eq i64 %1, 0 br i1 %24, label %29, label %25 %30 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %15, i64 0, i32 10 %31 = load i64, i64* %30, align 8 store i64 %31, i64* %7, align 8 br label %32 %33 = icmp eq i64 %3, 0 br i1 %33, label %40, label %34 %41 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %21, i64 0, i32 10 %42 = load i64, i64* %41, align 8 store i64 %42, i64* %8, align 8 br label %43 %44 = phi i64 [ %39, %38 ], [ %42, %40 ] %45 = load i64, i64* %7, align 8 %46 = call i64 @vfs_copy_file_range(%struct.file.96774* nonnull %15, i64 %45, %struct.file.96774* nonnull %21, i64 %44, i64 %4, i32 %10) #69 Function:vfs_copy_file_range %7 = alloca i64, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 store i64 %4, i64* %9, align 8 %10 = icmp eq i32 %5, 0 br i1 %10, label %11, label %242 %12 = call i32 bitcast (i32 (%struct.file.108469*, i64, %struct.file.108469*, i64, i64*, i32)* @generic_copy_file_checks to i32 (%struct.file.96774*, i64, %struct.file.96774*, i64, i64*, i32)*)(%struct.file.96774* %0, i64 %1, %struct.file.96774* %2, i64 %3, i64* nonnull %9, i32 0) #69 Function:generic_copy_file_checks %7 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 2 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 2 %10 = load %struct.inode.108461*, %struct.inode.108461** %9, align 8 %11 = load i64, i64* %4, align 8 %12 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 0 %13 = load i16, i16* %12, align 8 %14 = and i16 %13, -4096 %15 = icmp eq i16 %14, 16384 br i1 %15, label %105, label %16 %17 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %10, i64 0, i32 0 %18 = load i16, i16* %17, align 8 %19 = and i16 %18, -4096 %20 = icmp eq i16 %19, 16384 br i1 %20, label %105, label %21 %22 = icmp eq i16 %14, -32768 %23 = icmp eq i16 %19, -32768 %24 = and i1 %22, %23 br i1 %24, label %25, label %105 %26 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 8 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 1 %29 = icmp eq i32 %28, 0 br i1 %29, label %105, label %30 %31 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 8 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 2 %34 = icmp eq i32 %33, 0 br i1 %34, label %105, label %35 %36 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 7 %37 = load i32, i32* %36, align 8 %38 = and i32 %37, 1024 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %105 %41 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %10, i64 0, i32 4 %42 = load i32, i32* %41, align 4 %43 = and i32 %42, 8 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %105 %46 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 4 %47 = load i32, i32* %46, align 4 %48 = or i32 %47, %42 %49 = and i32 %48, 256 %50 = icmp eq i32 %49, 0 br i1 %50, label %51, label %105 %52 = xor i64 %1, -1 %53 = icmp ugt i64 %11, %52 %54 = xor i64 %3, -1 %55 = icmp ugt i64 %11, %54 %56 = or i1 %53, %55 br i1 %56, label %105, label %57 %58 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %8, i64 0, i32 14 %59 = load i64, i64* %58, align 8 %60 = icmp sgt i64 %59, %1 %61 = sub i64 %59, %1 %62 = icmp ult i64 %11, %61 %63 = select i1 %62, i64 %11, i64 %61 %64 = select i1 %60, i64 %63, i64 0 %65 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %2, i64 0, i32 19 %66 = load %struct.address_space.108233*, %struct.address_space.108233** %65, align 8 %67 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %66, i64 0, i32 0 %68 = load %struct.inode.108461*, %struct.inode.108461** %67, align 8 %69 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %68, i64 0, i32 8 %70 = load %struct.super_block.108444*, %struct.super_block.108444** %69, align 8 %71 = getelementptr inbounds %struct.super_block.108444, %struct.super_block.108444* %70, i64 0, i32 4 %72 = load i64, i64* %71, align 32 %73 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %73, i64 0, i32 87 %75 = load %struct.signal_struct.108377*, %struct.signal_struct.108377** %74, align 8 %76 = getelementptr %struct.signal_struct.108377, %struct.signal_struct.108377* %75, i64 0, i32 49, i64 1, i32 0 %77 = load volatile i64, i64* %76, align 8 %78 = icmp eq i64 %77, -1 br i1 %78, label %87, label %79 %80 = icmp sgt i64 %77, %3 br i1 %80, label %83, label %81 %82 = tail call i32 bitcast (i32 (i32, %struct.task_struct.43108*, i32)* @send_sig to i32 (i32, %struct.task_struct.108433*, i32)*)(i32 25, %struct.task_struct.108433* %73, i32 0) #69 Function:send_sig %4 = icmp eq i32 %2, 0 %5 = select i1 %4, %struct.kernel_siginfo* null, %struct.kernel_siginfo* inttoptr (i64 1 to %struct.kernel_siginfo*) %6 = icmp ugt i32 %0, 64 br i1 %6, label %32, label %7 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %9 = bitcast %struct.sighand_struct** %8 to i64* %10 = load volatile i64, i64* %9, align 8 %11 = inttoptr i64 %10 to %struct.sighand_struct* %12 = icmp eq i64 %10, 0 br i1 %12, label %24, label %13, !prof !5, !misexpect !6 %14 = phi %struct.sighand_struct* [ %21, %19 ], [ %11, %7 ] %15 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %14, i64 0, i32 0, i32 0, i32 0 %16 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %15) #69 %17 = load %struct.sighand_struct*, %struct.sighand_struct** %8, align 32 %18 = icmp eq %struct.sighand_struct* %17, %14 br i1 %18, label %24, label %19, !prof !7, !misexpect !8 %25 = phi i64 [ undef, %7 ], [ %16, %13 ] %26 = phi %struct.sighand_struct* [ %11, %7 ], [ %14, %13 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %27 = icmp eq %struct.sighand_struct* %26, null br i1 %27, label %32, label %28 %29 = tail call fastcc i32 @send_signal(i32 %0, %struct.kernel_siginfo* %5, %struct.task_struct.43108* %1, i32 0) #69 ------------- Good: 79 Bad: 28 Ignored: 220 Check Use of Function:efivar_validate Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.608989* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %110 %96 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1 %97 = bitcast %struct.uuid_t* %96 to i64* %98 = load i64, i64* %97, align 1 %99 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %100 = bitcast i8* %99 to i64* %101 = load i64, i64* %100, align 1 %102 = bitcast { i64, i64 }* %4 to i8* %103 = bitcast { i64, i64 }* %5 to i8* %104 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %83, i64* %104, align 8 %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %86, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %98, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %101, i64* %107, align 8 %108 = call i32 @bcmp(i8* nonnull dereferenceable(16) %102, i8* nonnull dereferenceable(16) %103, i64 16) #6 %109 = icmp eq i32 %108, 0 br i1 %109, label %112, label %110 %113 = icmp eq i64 %90, 0 %114 = icmp eq i32 %80, 0 %115 = or i1 %114, %113 br i1 %115, label %116, label %118 %119 = icmp ult i32 %80, 128 br i1 %119, label %120, label %122 %121 = tail call zeroext i1 @efivar_validate(i64 %83, i64 %86, i16* nonnull %87, i8* %91, i64 %90) #70 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.608989* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 ------------- Good: 3 Bad: 2 Ignored: 1 Check Use of Function:efivar_entry_set Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.608989* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 %52 = icmp eq i32 %51, 0 br i1 %52, label %55, label %53 %56 = icmp eq i32 %32, 0 %57 = icmp eq i32 %22, 0 %58 = or i1 %57, %56 br i1 %58, label %59, label %61 %62 = icmp ult i32 %22, 128 br i1 %62, label %63, label %65 %64 = tail call zeroext i1 @efivar_validate(i64 %25, i64 %28, i16* nonnull %29, i8* %34, i64 %33) #70 br i1 %64, label %67, label %65 %68 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 3, i64 0 %69 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 0 %70 = load i32, i32* %31, align 1 %71 = zext i32 %70 to i64 %72 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 2 store i64 %71, i64* %72, align 1 %73 = load i32, i32* %21, align 1 %74 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 5 store i32 %73, i32* %74, align 1 br label %125 %126 = phi i64 [ %33, %67 ], [ %90, %124 ] %127 = phi i32 [ %22, %67 ], [ %80, %124 ] %128 = phi i8* [ %34, %67 ], [ %91, %124 ] %129 = tail call i32 @efivar_entry_set(%struct.efivar_entry.608989* nonnull %0, i32 %127, i64 %126, i8* %128, %struct.list_head* null) #70 ------------- Good: 2 Bad: 1 Ignored: 0 Check Use of Function:ip6_route_add Check Use of Function:efivar_create_sysfs_entry Check Use of Function:move_vma Check Use of Function:dev_uc_del Check Use of Function:rtnl_fdb_notify Check Use of Function:kernel_wait4 Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 ------------- Good: 1 Bad: 5 Ignored: 3 Check Use of Function:pci_enable_device Check Use of Function:disable_swap_slots_cache_lock Check Use of Function:reenable_swap_slots_cache_unlock Check Use of Function:_dev_alert Check Use of Function:tcp_set_congestion_control Check Use of Function:raw_abort Check Use of Function:tcp_abort Check Use of Function:drm_dbg Use: =BAD PATH= Call Stack: 0 i915_perf_remove_config_ioctl ------------- Path:  Function:i915_perf_remove_config_ioctl %4 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %5 = bitcast i8** %4 to %struct.drm_i915_private.388303** %6 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %5, align 8 %7 = bitcast i8* %1 to i64* %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %6, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.41267, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 1 %15 = load %struct.kobject.379447*, %struct.kobject.379447** %14, align 8 %16 = icmp eq %struct.kobject.379447* %15, null br i1 %16, label %17, label %18 %19 = load i32, i32* @i915_perf_stream_paranoid, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %24, label %21 %25 = getelementptr inbounds i8, i8* %1, i64 48 %26 = bitcast i8* %25 to i64* %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %34, label %29 %30 = getelementptr inbounds i8, i8* %1, i64 36 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %55 %35 = getelementptr inbounds i8, i8* %1, i64 56 %36 = bitcast i8* %35 to i64* %37 = load i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %44, label %39 %40 = getelementptr inbounds i8, i8* %1, i64 40 %41 = bitcast i8* %40 to i32* %42 = load i32, i32* %41, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %44, label %55 %45 = getelementptr inbounds i8, i8* %1, i64 64 %46 = bitcast i8* %45 to i64* %47 = load i64, i64* %46, align 8 %48 = icmp eq i64 %47, 0 br i1 %48, label %54, label %49 %50 = getelementptr inbounds i8, i8* %1, i64 44 %51 = bitcast i8* %50 to i32* %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %52, 0 br i1 %53, label %54, label %55 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.5.41310, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 %14 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 1 %15 = load %struct.kobject.379447*, %struct.kobject.379447** %14, align 8 %16 = icmp eq %struct.kobject.379447* %15, null br i1 %16, label %17, label %18 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.3.41282, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_add_config_ioctl ------------- Path:  Function:i915_perf_add_config_ioctl %4 = alloca i32, align 4 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = bitcast i32* %4 to i8* %9 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %10 = load i8, i8* %9, align 8, !range !4 %11 = icmp eq i8 %10, 0 br i1 %11, label %12, label %13 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.41267, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 %29 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 2, i32 6 %30 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 15 br label %32 %33 = phi i32 [ 0, %28 ], [ %114, %113 ] %34 = phi i8 [ 0, %28 ], [ %115, %113 ] %35 = phi i64 [ 0, %28 ], [ %116, %113 ] %36 = phi i32 [ 0, %28 ], [ %117, %113 ] %37 = phi i32 [ 0, %28 ], [ %118, %113 ] %38 = phi i8 [ 0, %28 ], [ %119, %113 ] %39 = phi i32 [ 0, %28 ], [ %120, %113 ] %40 = phi i64* [ %20, %28 ], [ %121, %113 ] %41 = phi i32 [ 0, %28 ], [ %122, %113 ] %43 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %40, i64 8, i64 %42) #6, !srcloc !5 %44 = extractvalue { i64*, i64, i64 } %43, 0 %45 = extractvalue { i64*, i64, i64 } %43, 1 %46 = extractvalue { i64*, i64, i64 } %43, 2 %47 = ptrtoint i64* %44 to i64 %48 = trunc i64 %47 to i32 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %584 %52 = getelementptr i64, i64* %40, i64 1 %53 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %52, i64 8, i64 %51) #6, !srcloc !6 %54 = extractvalue { i64*, i64, i64 } %53, 0 %55 = extractvalue { i64*, i64, i64 } %53, 1 %56 = extractvalue { i64*, i64, i64 } %53, 2 %57 = ptrtoint i64* %54 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %588 %61 = add i64 %45, -1 %62 = icmp ugt i64 %61, 4 br i1 %62, label %63, label %64 %65 = trunc i64 %45 to i32 switch i32 %65, label %113 [ i32 1, label %66 i32 2, label %67 i32 3, label %71 i32 4, label %76 i32 5, label %90 i32 6, label %111 ] %91 = icmp ugt i64 %55, 31 br i1 %91, label %92, label %93 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.27.41275, i64 0, i64 0), i32 31) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 %29 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 2, i32 6 %30 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 15 br label %32 %33 = phi i32 [ 0, %28 ], [ %114, %113 ] %34 = phi i8 [ 0, %28 ], [ %115, %113 ] %35 = phi i64 [ 0, %28 ], [ %116, %113 ] %36 = phi i32 [ 0, %28 ], [ %117, %113 ] %37 = phi i32 [ 0, %28 ], [ %118, %113 ] %38 = phi i8 [ 0, %28 ], [ %119, %113 ] %39 = phi i32 [ 0, %28 ], [ %120, %113 ] %40 = phi i64* [ %20, %28 ], [ %121, %113 ] %41 = phi i32 [ 0, %28 ], [ %122, %113 ] %43 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %40, i64 8, i64 %42) #6, !srcloc !5 %44 = extractvalue { i64*, i64, i64 } %43, 0 %45 = extractvalue { i64*, i64, i64 } %43, 1 %46 = extractvalue { i64*, i64, i64 } %43, 2 %47 = ptrtoint i64* %44 to i64 %48 = trunc i64 %47 to i32 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %584 %52 = getelementptr i64, i64* %40, i64 1 %53 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %52, i64 8, i64 %51) #6, !srcloc !6 %54 = extractvalue { i64*, i64, i64 } %53, 0 %55 = extractvalue { i64*, i64, i64 } %53, 1 %56 = extractvalue { i64*, i64, i64 } %53, 2 %57 = ptrtoint i64* %54 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %588 %61 = add i64 %45, -1 %62 = icmp ugt i64 %61, 4 br i1 %62, label %63, label %64 %65 = trunc i64 %45 to i32 switch i32 %65, label %113 [ i32 1, label %66 i32 2, label %67 i32 3, label %71 i32 4, label %76 i32 5, label %90 i32 6, label %111 ] %77 = add i64 %55, -1 %78 = icmp ugt i64 %77, 9 br i1 %78, label %79, label %81 %82 = load %struct.util_est*, %struct.util_est** %30, align 8 %83 = getelementptr %struct.util_est, %struct.util_est* %82, i64 %55, i32 1 %84 = load i32, i32* %83, align 4 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %88 %87 = extractvalue { i64*, i64, i64 } %53, 1 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.26.41274, i64 0, i64 0), i64 %87) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 %29 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 2, i32 6 %30 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 15 br label %32 %33 = phi i32 [ 0, %28 ], [ %114, %113 ] %34 = phi i8 [ 0, %28 ], [ %115, %113 ] %35 = phi i64 [ 0, %28 ], [ %116, %113 ] %36 = phi i32 [ 0, %28 ], [ %117, %113 ] %37 = phi i32 [ 0, %28 ], [ %118, %113 ] %38 = phi i8 [ 0, %28 ], [ %119, %113 ] %39 = phi i32 [ 0, %28 ], [ %120, %113 ] %40 = phi i64* [ %20, %28 ], [ %121, %113 ] %41 = phi i32 [ 0, %28 ], [ %122, %113 ] %43 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %40, i64 8, i64 %42) #6, !srcloc !5 %44 = extractvalue { i64*, i64, i64 } %43, 0 %45 = extractvalue { i64*, i64, i64 } %43, 1 %46 = extractvalue { i64*, i64, i64 } %43, 2 %47 = ptrtoint i64* %44 to i64 %48 = trunc i64 %47 to i32 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %584 %52 = getelementptr i64, i64* %40, i64 1 %53 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %52, i64 8, i64 %51) #6, !srcloc !6 %54 = extractvalue { i64*, i64, i64 } %53, 0 %55 = extractvalue { i64*, i64, i64 } %53, 1 %56 = extractvalue { i64*, i64, i64 } %53, 2 %57 = ptrtoint i64* %54 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %588 %61 = add i64 %45, -1 %62 = icmp ugt i64 %61, 4 br i1 %62, label %63, label %64 %65 = trunc i64 %45 to i32 switch i32 %65, label %113 [ i32 1, label %66 i32 2, label %67 i32 3, label %71 i32 4, label %76 i32 5, label %90 i32 6, label %111 ] %77 = add i64 %55, -1 %78 = icmp ugt i64 %77, 9 br i1 %78, label %79, label %81 %80 = extractvalue { i64*, i64, i64 } %53, 1 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.25.41273, i64 0, i64 0), i64 %80) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 %29 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 2, i32 6 %30 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 15 br label %32 %33 = phi i32 [ 0, %28 ], [ %114, %113 ] %34 = phi i8 [ 0, %28 ], [ %115, %113 ] %35 = phi i64 [ 0, %28 ], [ %116, %113 ] %36 = phi i32 [ 0, %28 ], [ %117, %113 ] %37 = phi i32 [ 0, %28 ], [ %118, %113 ] %38 = phi i8 [ 0, %28 ], [ %119, %113 ] %39 = phi i32 [ 0, %28 ], [ %120, %113 ] %40 = phi i64* [ %20, %28 ], [ %121, %113 ] %41 = phi i32 [ 0, %28 ], [ %122, %113 ] %43 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %40, i64 8, i64 %42) #6, !srcloc !5 %44 = extractvalue { i64*, i64, i64 } %43, 0 %45 = extractvalue { i64*, i64, i64 } %43, 1 %46 = extractvalue { i64*, i64, i64 } %43, 2 %47 = ptrtoint i64* %44 to i64 %48 = trunc i64 %47 to i32 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %584 %52 = getelementptr i64, i64* %40, i64 1 %53 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %52, i64 8, i64 %51) #6, !srcloc !6 %54 = extractvalue { i64*, i64, i64 } %53, 0 %55 = extractvalue { i64*, i64, i64 } %53, 1 %56 = extractvalue { i64*, i64, i64 } %53, 2 %57 = ptrtoint i64* %54 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %588 %61 = add i64 %45, -1 %62 = icmp ugt i64 %61, 4 br i1 %62, label %63, label %64 %65 = trunc i64 %45 to i32 switch i32 %65, label %113 [ i32 1, label %66 i32 2, label %67 i32 3, label %71 i32 4, label %76 i32 5, label %90 i32 6, label %111 ] %72 = icmp eq i64 %55, 0 br i1 %72, label %73, label %74 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([26 x i8], [26 x i8]* @.str.24.41272, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 %29 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 2, i32 6 %30 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 15 br label %32 %33 = phi i32 [ 0, %28 ], [ %114, %113 ] %34 = phi i8 [ 0, %28 ], [ %115, %113 ] %35 = phi i64 [ 0, %28 ], [ %116, %113 ] %36 = phi i32 [ 0, %28 ], [ %117, %113 ] %37 = phi i32 [ 0, %28 ], [ %118, %113 ] %38 = phi i8 [ 0, %28 ], [ %119, %113 ] %39 = phi i32 [ 0, %28 ], [ %120, %113 ] %40 = phi i64* [ %20, %28 ], [ %121, %113 ] %41 = phi i32 [ 0, %28 ], [ %122, %113 ] %43 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %40, i64 8, i64 %42) #6, !srcloc !5 %44 = extractvalue { i64*, i64, i64 } %43, 0 %45 = extractvalue { i64*, i64, i64 } %43, 1 %46 = extractvalue { i64*, i64, i64 } %43, 2 %47 = ptrtoint i64* %44 to i64 %48 = trunc i64 %47 to i32 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %584 %52 = getelementptr i64, i64* %40, i64 1 %53 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %52, i64 8, i64 %51) #6, !srcloc !6 %54 = extractvalue { i64*, i64, i64 } %53, 0 %55 = extractvalue { i64*, i64, i64 } %53, 1 %56 = extractvalue { i64*, i64, i64 } %53, 2 %57 = ptrtoint i64* %54 to i64 %58 = trunc i64 %57 to i32 %59 = icmp eq i32 %58, 0 br i1 %59, label %60, label %588 %61 = add i64 %45, -1 %62 = icmp ugt i64 %61, 4 br i1 %62, label %63, label %64 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.23.41271, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 %27 = icmp ugt i32 %23, 5 br i1 %27, label %31, label %28 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([48 x i8], [48 x i8]* @.str.22.41270, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 %18 = getelementptr inbounds i8, i8* %1, i64 8 %19 = bitcast i8* %18 to i64** %20 = load i64*, i64** %19, align 8 %21 = getelementptr inbounds i8, i8* %1, i64 4 %22 = bitcast i8* %21 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.21.41269, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 %13 = bitcast i8* %1 to i32* %14 = load i32, i32* %13, align 8 %15 = icmp ult i32 %14, 8 br i1 %15, label %17, label %16 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.1.41268, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_perf_open_ioctl ------------- Path:  Function:i915_perf_open_ioctl %4 = alloca %struct.i915_gem_engines_iter, align 8 %5 = getelementptr inbounds %struct.drm_device.388011, %struct.drm_device.388011* %0, i64 0, i32 5 %6 = bitcast i8** %5 to %struct.drm_i915_private.388303** %7 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %6, align 8 %8 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %7, i64 0, i32 112, i32 0 %9 = load i8, i8* %8, align 8, !range !4 %10 = icmp eq i8 %9, 0 br i1 %10, label %11, label %12 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([51 x i8], [51 x i8]* @.str.41267, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_attrs_ioctl ------------- Path:  Function:intel_overlay_attrs_ioctl %4 = bitcast %struct.drm_device.463947* %0 to %struct.drm_i915_private.464247* %5 = getelementptr inbounds %struct.drm_device.463947, %struct.drm_device.463947* %0, i64 13, i32 34, i32 57 %6 = bitcast %struct.drm_property.463860** %5 to %struct.intel_overlay** %7 = load %struct.intel_overlay*, %struct.intel_overlay** %6, align 8 %8 = icmp eq %struct.intel_overlay* %7, null br i1 %8, label %9, label %10 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.39426, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 intel_overlay_put_image_ioctl ------------- Path:  Function:intel_overlay_put_image_ioctl %4 = alloca i8, align 1 %5 = bitcast %struct.drm_device.463947* %0 to %struct.drm_i915_private.464247* %6 = getelementptr inbounds %struct.drm_device.463947, %struct.drm_device.463947* %0, i64 13, i32 34, i32 57 %7 = bitcast %struct.drm_property.463860** %6 to %struct.intel_overlay** %8 = load %struct.intel_overlay*, %struct.intel_overlay** %7, align 8 %9 = icmp eq %struct.intel_overlay* %8, null br i1 %9, label %10, label %11 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.3.39426, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = alloca %struct.util_est, align 4 %5 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 %14 = getelementptr inbounds i8, i8* %1, i64 40 %15 = bitcast i8* %14 to i64* %16 = load i64, i64* %15, align 8 %17 = and i64 %16, -2064192 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %247 %20 = and i64 %16, 524288 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %32 %23 = getelementptr inbounds i8, i8* %1, i64 28 %24 = bitcast i8* %23 to i32* %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %247 %28 = getelementptr inbounds i8, i8* %1, i64 32 %29 = bitcast i8* %28 to i64* %30 = load i64, i64* %29, align 8 %31 = icmp eq i64 %30, 0 br i1 %31, label %32, label %247 %33 = getelementptr inbounds i8, i8* %1, i64 24 %34 = bitcast i8* %33 to i32* %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, -1 br i1 %36, label %43, label %37 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.5.36939, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer2_ioctl ------------- Path:  Function:i915_gem_execbuffer2_ioctl %4 = alloca %struct.util_est, align 4 %5 = bitcast i8* %1 to %struct.drm_i915_gem_execbuffer2* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.36938, i64 0, i64 0), i64 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer_ioctl ------------- Path:  Function:i915_gem_execbuffer_ioctl %4 = alloca %struct.drm_i915_gem_execbuffer2, align 8 %5 = bitcast %struct.drm_i915_gem_execbuffer2* %4 to i8* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 %14 = bitcast i8* %1 to i64* %15 = load i64, i64* %14, align 8 %16 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 0 store i64 %15, i64* %16, align 8 %17 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 1 store i32 %8, i32* %17, align 8 %18 = getelementptr inbounds i8, i8* %1, i64 12 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 4 %21 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 2 store i32 %20, i32* %21, align 4 %22 = getelementptr inbounds i8, i8* %1, i64 16 %23 = bitcast i8* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 3 store i32 %24, i32* %25, align 8 %26 = getelementptr inbounds i8, i8* %1, i64 20 %27 = bitcast i8* %26 to i32* %28 = load i32, i32* %27, align 4 %29 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 4 store i32 %28, i32* %29, align 4 %30 = getelementptr inbounds i8, i8* %1, i64 24 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 8 %33 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 5 store i32 %32, i32* %33, align 8 %34 = getelementptr inbounds i8, i8* %1, i64 28 %35 = bitcast i8* %34 to i32* %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 6 store i32 %36, i32* %37, align 4 %38 = getelementptr inbounds i8, i8* %1, i64 32 %39 = bitcast i8* %38 to i64* %40 = load i64, i64* %39, align 8 %41 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 7 store i64 %40, i64* %41, align 8 %42 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 8 store i64 1, i64* %42, align 8 %43 = getelementptr inbounds %struct.drm_i915_gem_execbuffer2, %struct.drm_i915_gem_execbuffer2* %4, i64 0, i32 9 store i64 0, i64* %43, align 8 %44 = icmp eq i32 %36, 0 %45 = icmp eq i64 %40, 0 %46 = and i1 %44, %45 br i1 %46, label %47, label %151 %48 = icmp eq i32 %32, -1 br i1 %48, label %52, label %49 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([39 x i8], [39 x i8]* @.str.5.36939, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_gem_execbuffer_ioctl ------------- Path:  Function:i915_gem_execbuffer_ioctl %4 = alloca %struct.drm_i915_gem_execbuffer2, align 8 %5 = bitcast %struct.drm_i915_gem_execbuffer2* %4 to i8* %6 = getelementptr inbounds i8, i8* %1, i64 8 %7 = bitcast i8* %6 to i32* %8 = load i32, i32* %7, align 8 %9 = zext i32 %8 to i64 %10 = add nsw i64 %9, -1 %11 = icmp ult i64 %10, 2147483647 br i1 %11, label %13, label %12 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([27 x i8], [27 x i8]* @.str.36938, i64 0, i64 0), i64 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 ctx_setparam 1 i915_gem_context_setparam_ioctl ------------- Path:  Function:i915_gem_context_setparam_ioctl %4 = getelementptr inbounds %struct.drm_file.387874, %struct.drm_file.387874* %2, i64 0, i32 17 %5 = bitcast i8** %4 to %struct.drm_i915_file_private.388029** %6 = load %struct.drm_i915_file_private.388029*, %struct.drm_i915_file_private.388029** %5, align 8 %7 = bitcast i8* %1 to i32* %8 = load i32, i32* %7, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = getelementptr inbounds %struct.drm_i915_file_private.388029, %struct.drm_i915_file_private.388029* %6, i64 0, i32 3 %10 = zext i32 %8 to i64 %11 = tail call i8* @idr_find(%struct.idr* %9, i64 %10) #69 %12 = bitcast i8* %11 to %struct.i915_gem_context.388115* %13 = icmp eq i8* %11, null br i1 %13, label %38, label %14 %15 = getelementptr inbounds i8, i8* %11, i64 112 %16 = bitcast i8* %15 to %union.anon.21* %17 = bitcast i8* %15 to i32* %18 = load volatile i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %30, label %20 %21 = phi i32 [ %28, %27 ], [ %18, %14 ] %22 = add i32 %21, 1 %23 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %17, i32 %22, i32* %17, i32 %21) #6, !srcloc !5 %24 = extractvalue { i8, i32 } %23, 0 %25 = and i8 %24, 1 %26 = icmp eq i8 %25, 0 br i1 %26, label %27, label %30, !prof !6, !misexpect !7 %28 = extractvalue { i8, i32 } %23, 1 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %20 %31 = phi i32 [ 0, %14 ], [ %21, %20 ], [ 0, %27 ] %32 = add i32 %31, 1 %33 = or i32 %32, %31 %34 = icmp sgt i32 %33, -1 br i1 %34, label %36, label %35, !prof !8, !misexpect !7 tail call void @refcount_warn_saturate(%union.anon.21* %16, i32 0) #69 br label %36 %37 = icmp eq i32 %31, 0 br i1 %37, label %38, label %39 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %40 = bitcast i8* %1 to %struct.drm_wait_vblank_reply* %41 = tail call fastcc i32 @ctx_setparam(%struct.drm_i915_file_private.388029* %6, %struct.i915_gem_context.388115* nonnull %12, %struct.drm_wait_vblank_reply* %40) #70 Function:ctx_setparam %4 = alloca %struct.set_engines, align 8 %5 = alloca %struct.nlattr, align 2 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca %struct.drm_i915_gem_context_param_sseu, align 8 %9 = getelementptr inbounds %struct.drm_wait_vblank_reply, %struct.drm_wait_vblank_reply* %2, i64 0, i32 2 %10 = load i64, i64* %9, align 8 switch i64 %10, label %885 [ i64 2, label %11 i64 4, label %23 i64 5, label %35 i64 8, label %54 i64 6, label %66 i64 7, label %90 i64 9, label %310 i64 10, label %622 ] %623 = getelementptr inbounds %struct.drm_wait_vblank_reply, %struct.drm_wait_vblank_reply* %2, i64 0, i32 3 %624 = bitcast i64* %623 to %struct.i915_context_param_engines** %625 = load %struct.i915_context_param_engines*, %struct.i915_context_param_engines** %624, align 8 %626 = bitcast %struct.set_engines* %4 to i8* %627 = getelementptr inbounds %struct.set_engines, %struct.set_engines* %4, i64 0, i32 0 store %struct.i915_gem_context.388115* %1, %struct.i915_gem_context.388115** %627, align 8 %628 = getelementptr inbounds %struct.set_engines, %struct.set_engines* %4, i64 0, i32 1 store %struct.i915_gem_engines.388114* null, %struct.i915_gem_engines.388114** %628, align 8 %629 = getelementptr inbounds %struct.drm_wait_vblank_reply, %struct.drm_wait_vblank_reply* %2, i64 0, i32 1 %630 = load i32, i32* %629, align 4 %631 = icmp eq i32 %630, 0 br i1 %631, label %632, label %643 %644 = icmp ugt i32 %630, 7 %645 = and i32 %630, 3 %646 = icmp eq i32 %645, 0 %647 = and i1 %644, %646 br i1 %647, label %649, label %648 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([35 x i8], [35 x i8]* @.str.22.36894, i64 0, i64 0), i32 %630) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_dsc_fec_support_write ------------- Path:  Function:i915_dsc_fec_support_write %5 = alloca i8, align 1 store i8 0, i8* %5, align 1 %6 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.379105** %8 = load %struct.seq_file.379105*, %struct.seq_file.379105** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.drm_connector.387966** %11 = load %struct.drm_connector.387966*, %struct.drm_connector.387966** %10, align 8 %12 = getelementptr inbounds %struct.drm_connector.387966, %struct.drm_connector.387966* %11, i64 1 %13 = bitcast %struct.drm_connector.387966* %12 to %struct.intel_encoder.388192** %14 = load %struct.intel_encoder.388192*, %struct.intel_encoder.388192** %13, align 8 %15 = getelementptr inbounds %struct.intel_encoder.388192, %struct.intel_encoder.388192* %14, i64 0, i32 0 %16 = getelementptr inbounds %struct.drm_encoder.387946, %struct.drm_encoder.387946* %15, i64 1 %17 = bitcast %struct.drm_encoder.387946* %16 to i32* %18 = load i32, i32* %17, align 8 switch i32 %18, label %21 [ i32 10, label %19 i32 7, label %19 i32 8, label %19 i32 6, label %19 ] %22 = phi %struct.intel_digital_port.388206* [ %20, %19 ], [ null, %4 ] %23 = icmp eq i64 %2, 0 br i1 %23, label %37, label %24 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([41 x i8], [41 x i8]* @.str.607.36395, i64 0, i64 0), i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_error_state_write ------------- Path:  Function:i915_error_state_write %5 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.i915_gpu_state.388271** %7 = load %struct.i915_gpu_state.388271*, %struct.i915_gpu_state.388271** %6, align 8 %8 = icmp eq %struct.i915_gpu_state.388271* %7, null br i1 %8, label %12, label %9 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.34.36381, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.379105** %9 = load %struct.seq_file.379105*, %struct.seq_file.379105** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private.388303** %12 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %57, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.48.36359, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %28 %29 = call i32 @kstrtouint(i8* nonnull %14, i32 10, i32* nonnull %5) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %57 %32 = load i32, i32* %5, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 call void (i32, i8*, ...) @drm_dbg(i32 4, i8* getelementptr inbounds ([31 x i8], [31 x i8]* @.str.50.36366, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.379105** %9 = load %struct.seq_file.379105*, %struct.seq_file.379105** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private.388303** %12 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %57, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.48.36359, i64 0, i64 0), i64 6) %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %28 store i32 50, i32* %5, align 4 br label %34 %35 = phi i32 [ 50, %27 ], [ %32, %31 ] call void (i32, i8*, ...) @drm_dbg(i32 4, i8* getelementptr inbounds ([45 x i8], [45 x i8]* @.str.49.36365, i64 0, i64 0), i32 %35) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.379105** %9 = load %struct.seq_file.379105*, %struct.seq_file.379105** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private.388303** %12 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %61, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %61 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #70 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.48.36359, i64 0, i64 0), i64 6) %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %33 %34 = call i32 @kstrtobool(i8* nonnull %13, i8* nonnull %6) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %61 %37 = load i8, i8* %6, align 1, !range !4 br label %38 %39 = phi i8 [ %37, %36 ], [ %32, %26 ] %40 = icmp eq i8 %39, 0 %41 = select i1 %40, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.57.36360, i64 0, i64 0), i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.56.36361, i64 0, i64 0) call void (i32, i8*, ...) @drm_dbg(i32 4, i8* getelementptr inbounds ([36 x i8], [36 x i8]* @.str.55.36362, i64 0, i64 0), i8* %41) #69 ------------- Use: =BAD PATH= Call Stack: 0 check_for_unclaimed_mmio 1 intel_uncore_forcewake_user_put 2 i915_forcewake_release ------------- Path:  Function:i915_forcewake_release %3 = getelementptr inbounds %struct.inode.379433, %struct.inode.379433* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.drm_i915_private.388303** %5 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %4, align 8 %6 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 1, i32 1 %7 = load i8, i8* %6, align 2 %8 = icmp ult i8 %7, 6 br i1 %8, label %12, label %9 %10 = getelementptr inbounds %struct.drm_i915_private.388303, %struct.drm_i915_private.388303* %5, i64 0, i32 7 tail call void @intel_uncore_forcewake_user_put(%struct.intel_uncore.388021* %10) #69 Function:intel_uncore_forcewake_user_put %2 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 3 %3 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %2, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %3) #69 %4 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 15 %5 = load i32, i32* %4, align 8 %6 = add i32 %5, -1 store i32 %6, i32* %4, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %8, label %71 %9 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 16 %10 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %11 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %11) #69 %12 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %9, align 8 %13 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %12, i64 0, i32 3 %14 = load i32, i32* %13, align 4 %15 = add i32 %14, -1 store i32 %15, i32* %13, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %21 %22 = tail call fastcc zeroext i1 @check_for_unclaimed_mmio(%struct.intel_uncore.388021* %0) #70 Function:check_for_unclaimed_mmio %2 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 16 %3 = load %struct.intel_uncore_mmio_debug*, %struct.intel_uncore_mmio_debug** %2, align 8 %4 = getelementptr inbounds %struct.intel_uncore_mmio_debug, %struct.intel_uncore_mmio_debug* %3, i64 0, i32 3 %5 = load i32, i32* %4, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %7, label %68 %8 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %23, label %12 %13 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 0 %14 = load i8*, i8** %13, align 8 %15 = getelementptr i8, i8* %14, i64 271104 %16 = bitcast i8* %15 to i32* %17 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %16) #6, !srcloc !4 %18 = icmp slt i32 %17, 0 br i1 %18, label %19, label %23, !prof !5, !misexpect !6 %20 = load i8*, i8** %13, align 8 %21 = getelementptr i8, i8* %20, i64 271104 %22 = bitcast i8* %21 to i32* tail call void asm sideeffect "movl $0,$1", "r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32 -2147483648, i32* %22) #6, !srcloc !7 br label %23 %24 = phi i8 [ 0, %7 ], [ 1, %19 ], [ 0, %12 ] %25 = load i32, i32* %8, align 4 %26 = and i32 %25, 4 %27 = icmp eq i32 %26, 0 br i1 %27, label %44, label %28 %45 = phi i32 [ %43, %40 ], [ %25, %23 ] %46 = phi i8 [ %42, %40 ], [ %24, %23 ] %47 = and i32 %45, 8 %48 = icmp eq i32 %47, 0 br i1 %48, label %64, label %49 %50 = getelementptr inbounds %struct.intel_uncore.388021, %struct.intel_uncore.388021* %0, i64 0, i32 0 %51 = load i8*, i8** %50, align 8 %52 = getelementptr i8, i8* %51, i64 1179648 %53 = bitcast i8* %52 to i32* %54 = tail call i32 asm sideeffect "movl $1,$0", "=r,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %53) #6, !srcloc !4 %55 = icmp ne i32 %54, 0 br i1 %55, label %56, label %60, !prof !5, !misexpect !9 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([20 x i8], [20 x i8]* @.str.27.35741, i64 0, i64 0), i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 error_state_write ------------- Path:  Function:error_state_write %7 = getelementptr inbounds %struct.kobject.379447, %struct.kobject.379447* %1, i64 1, i32 6 %8 = bitcast %struct.qspinlock* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds i8, i8* %9, i64 16 %11 = bitcast i8* %10 to %struct.drm_i915_private.384274** %12 = load %struct.drm_i915_private.384274*, %struct.drm_i915_private.384274** %11, align 8 tail call void (i32, i8*, ...) @drm_dbg(i32 2, i8* getelementptr inbounds ([23 x i8], [23 x i8]* @.str.31.35237, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 i915_getparam_ioctl ------------- Path:  Function:i915_getparam_ioctl %4 = bitcast %struct.drm_device.381246* %0 to %struct.drm_i915_private.381439* %5 = getelementptr inbounds %struct.drm_device.381246, %struct.drm_device.381246* %0, i64 1, i32 15, i32 1 %6 = bitcast i8* %1 to i32* %7 = load i32, i32* %6, align 8 switch i32 %7, label %143 [ i32 1, label %152 i32 2, label %152 i32 3, label %152 i32 14, label %152 i32 4, label %8 i32 32, label %14 i32 6, label %20 i32 7, label %23 i32 10, label %29 i32 11, label %33 i32 22, label %37 i32 31, label %41 i32 17, label %45 i32 27, label %52 i32 18, label %63 i32 20, label %66 i32 23, label %71 i32 28, label %78 i32 33, label %80 i32 34, label %84 i32 35, label %90 i32 36, label %144 i32 38, label %98 i32 39, label %105 i32 42, label %109 i32 40, label %114 i32 41, label %116 i32 30, label %119 i32 5, label %119 i32 8, label %119 i32 9, label %119 i32 12, label %119 i32 13, label %119 i32 15, label %119 i32 16, label %119 i32 19, label %119 i32 21, label %119 i32 24, label %119 i32 25, label %119 i32 26, label %119 i32 29, label %119 i32 37, label %119 i32 43, label %119 i32 44, label %119 i32 45, label %119 i32 48, label %119 i32 49, label %119 i32 53, label %119 i32 50, label %120 i32 46, label %122 i32 47, label %127 i32 51, label %132 i32 52, label %136 ] tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.35171, i64 0, i64 0), i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 crc_control_write ------------- Path:  Function:crc_control_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.96453** %8 = load %struct.seq_file.96453*, %struct.seq_file.96453** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.96453, %struct.seq_file.96453* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.drm_crtc.378818** %11 = load %struct.drm_crtc.378818*, %struct.drm_crtc.378818** %10, align 8 %12 = bitcast i64* %5 to i8* %13 = icmp eq i64 %2, 0 br i1 %13, label %51, label %14 %15 = icmp ugt i64 %2, 4095 br i1 %15, label %16, label %17 tail call void (i32, i8*, ...) @drm_dbg(i32 4, i8* getelementptr inbounds ([44 x i8], [44 x i8]* @.str.4.34923, i64 0, i64 0), i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_compat_ioctl 1 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %8 = tail call i64 bitcast (i64 (%struct.file.377164*, i32, i64)* @drm_compat_ioctl to i64 (%struct.file.391273*, i32, i64)*)(%struct.file.391273* %0, i32 %1, i64 %2) #69 Function:drm_compat_ioctl %4 = and i32 %1, 255 %5 = getelementptr inbounds %struct.file.377164, %struct.file.377164* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.drm_file.377231** %7 = load %struct.drm_file.377231*, %struct.drm_file.377231** %6, align 8 %8 = icmp ugt i32 %4, 184 br i1 %8, label %9, label %11 %12 = zext i32 %4 to i64 %13 = getelementptr [185 x %struct.anon.75.377165], [185 x %struct.anon.75.377165]* @drm_compat_ioctls, i64 0, i64 %12, i32 0 %14 = load i32 (%struct.file.377164*, i32, i64)*, i32 (%struct.file.377164*, i32, i64)** %13, align 16 %15 = icmp eq i32 (%struct.file.377164*, i32, i64)* %14, null br i1 %15, label %16, label %18 %19 = tail call %struct.task_struct.377125* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.377125** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.377125**)) #10, !srcloc !4 %20 = getelementptr inbounds %struct.task_struct.377125, %struct.task_struct.377125* %19, i64 0, i32 48 %21 = load i32, i32* %20, align 8 %22 = getelementptr inbounds %struct.drm_file.377231, %struct.drm_file.377231* %7, i64 0, i32 11 %23 = load %struct.drm_minor.377216*, %struct.drm_minor.377216** %22, align 8 %24 = getelementptr inbounds %struct.drm_minor.377216, %struct.drm_minor.377216* %23, i64 0, i32 2 %25 = load %struct.device.377214*, %struct.device.377214** %24, align 8 %26 = getelementptr inbounds %struct.device.377214, %struct.device.377214* %25, i64 0, i32 27 %27 = load i32, i32* %26, align 4 %28 = lshr i32 %27, 20 %29 = shl nuw nsw i32 %28, 8 %30 = or i32 %29, %27 %31 = and i32 %30, 65535 %32 = zext i32 %31 to i64 %33 = getelementptr inbounds %struct.drm_file.377231, %struct.drm_file.377231* %7, i64 0, i32 0 %34 = load i8, i8* %33, align 8, !range !5 %35 = zext i8 %34 to i32 %36 = getelementptr [185 x %struct.anon.75.377165], [185 x %struct.anon.75.377165]* @drm_compat_ioctls, i64 0, i64 %12, i32 1 %37 = load i8*, i8** %36, align 8 tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.34805, i64 0, i64 0), i32 %21, i64 %32, i32 %35, i8* %37) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_noop ------------- Path:  Function:drm_noop tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.33406, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %37, i64 0, i32 48 %39 = load %struct.drm_ioctl_desc.362674*, %struct.drm_ioctl_desc.362674** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.362674* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 48 %72 = load i32, i32* %71, align 8 %73 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %73, i64 0, i32 2 %75 = load %struct.device.364083*, %struct.device.364083** %74, align 8 %76 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %75, i64 0, i32 27 %77 = load i32, i32* %76, align 4 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %84 = load i8, i8* %83, align 8, !range !6 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.33516, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.391273* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.391621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.391621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.391621**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.391621, %struct.task_struct.391621* %12, i64 0, i32 163, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 %15, %11 br i1 %16, label %33, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movl ${0:k},$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "ir,*m,X,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i8* blockaddress(@compat_i915_getparam, %21)) #6 to label %22 [label %21], !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %23 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %24 = load i32, i32* %23, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %25 = getelementptr inbounds i8, i8* %10, i64 8 %26 = zext i32 %24 to i64 %27 = inttoptr i64 %26 to i32* %28 = bitcast i8* %25 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movq $0,$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "er,*m,X,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %28, i8* blockaddress(@compat_i915_getparam, %32)) #6 to label %29 [label %32], !srcloc !10 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.391273*, i32, i64)*)(%struct.file.391273* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %37, i64 0, i32 48 %39 = load %struct.drm_ioctl_desc.362674*, %struct.drm_ioctl_desc.362674** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.362674* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 48 %72 = load i32, i32* %71, align 8 %73 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %73, i64 0, i32 2 %75 = load %struct.device.364083*, %struct.device.364083** %74, align 8 %76 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %75, i64 0, i32 27 %77 = load i32, i32* %76, align 4 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %84 = load i8, i8* %83, align 8, !range !6 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.33516, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %125 = phi i32 [ %52, %120 ], [ %9, %42 ], [ %9, %25 ] %126 = phi i32 [ %122, %120 ], [ -22, %42 ], [ -22, %25 ] %127 = phi i8* [ %121, %120 ], [ null, %42 ], [ null, %25 ] %128 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %128, i64 0, i32 48 %130 = load i32, i32* %129, align 8 %131 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %132 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %131, i64 0, i32 2 %133 = load %struct.device.364083*, %struct.device.364083** %132, align 8 %134 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %133, i64 0, i32 27 %135 = load i32, i32* %134, align 4 %136 = lshr i32 %135, 20 %137 = shl nuw nsw i32 %136, 8 %138 = or i32 %137, %135 %139 = and i32 %138, 65535 %140 = zext i32 %139 to i64 %141 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %142 = load i8, i8* %141, align 8, !range !6 %143 = zext i8 %142 to i32 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([66 x i8], [66 x i8]* @.str.3.33518, i64 0, i64 0), i32 %130, i64 %140, i32 %143, i32 %1, i32 %125) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.391273* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.391621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.391621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.391621**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.391621, %struct.task_struct.391621* %12, i64 0, i32 163, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 %15, %11 br i1 %16, label %33, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movl ${0:k},$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "ir,*m,X,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i8* blockaddress(@compat_i915_getparam, %21)) #6 to label %22 [label %21], !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %23 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %24 = load i32, i32* %23, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %25 = getelementptr inbounds i8, i8* %10, i64 8 %26 = zext i32 %24 to i64 %27 = inttoptr i64 %26 to i32* %28 = bitcast i8* %25 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movq $0,$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "er,*m,X,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %28, i8* blockaddress(@compat_i915_getparam, %32)) #6 to label %29 [label %32], !srcloc !10 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.391273*, i32, i64)*)(%struct.file.391273* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %125 = phi i32 [ %52, %120 ], [ %9, %42 ], [ %9, %25 ] %126 = phi i32 [ %122, %120 ], [ -22, %42 ], [ -22, %25 ] %127 = phi i8* [ %121, %120 ], [ null, %42 ], [ null, %25 ] %128 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %129 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %128, i64 0, i32 48 %130 = load i32, i32* %129, align 8 %131 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %132 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %131, i64 0, i32 2 %133 = load %struct.device.364083*, %struct.device.364083** %132, align 8 %134 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %133, i64 0, i32 27 %135 = load i32, i32* %134, align 4 %136 = lshr i32 %135, 20 %137 = shl nuw nsw i32 %136, 8 %138 = or i32 %137, %135 %139 = and i32 %138, 65535 %140 = zext i32 %139 to i64 %141 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %142 = load i8, i8* %141, align 8, !range !6 %143 = zext i8 %142 to i32 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([66 x i8], [66 x i8]* @.str.3.33518, i64 0, i64 0), i32 %130, i64 %140, i32 %143, i32 %1, i32 %125) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl ------------- Path:  Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %37, i64 0, i32 48 %39 = load %struct.drm_ioctl_desc.362674*, %struct.drm_ioctl_desc.362674** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.362674* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 48 %72 = load i32, i32* %71, align 8 %73 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %73, i64 0, i32 2 %75 = load %struct.device.364083*, %struct.device.364083** %74, align 8 %76 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %75, i64 0, i32 27 %77 = load i32, i32* %76, align 4 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %84 = load i8, i8* %83, align 8, !range !6 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.33516, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 %88 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 2 %89 = bitcast {}** %88 to i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)** %90 = load i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)*, i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)** %89, align 8 %91 = icmp eq i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)* %90, null br i1 %91, label %92, label %93, !prof !7, !misexpect !8 %94 = icmp ult i32 %69, 129 br i1 %94, label %99, label %95 %100 = phi i8* [ %97, %95 ], [ %10, %93 ] %101 = inttoptr i64 %2 to i8* %102 = zext i32 %63 to i64 %103 = call i64 @_copy_from_user(i8* %100, i8* %101, i64 %102) #69 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %120 %106 = icmp ugt i32 %69, %63 br i1 %106, label %107, label %111 %108 = getelementptr i8, i8* %100, i64 %102 %109 = sub nsw i32 %69, %63 %110 = zext i32 %109 to i64 br label %111 %112 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 1 %113 = load i32, i32* %112, align 4 %114 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)* nonnull %90, i8* %100, i32 %113) #70 %115 = trunc i64 %114 to i32 %116 = zext i32 %65 to i64 %117 = call i64 @_copy_to_user(i8* %101, i8* %100, i64 %116) #69 %118 = icmp eq i64 %117, 0 %119 = select i1 %118, i32 %115, i32 -14 br label %120 %121 = phi i8* [ null, %92 ], [ null, %95 ], [ %100, %99 ], [ %100, %111 ] %122 = phi i32 [ -22, %92 ], [ -12, %95 ], [ -14, %99 ], [ %119, %111 ] %123 = icmp eq %struct.drm_ioctl_desc.362674* %53, null br i1 %123, label %124, label %144 %145 = phi i32 [ %122, %120 ], [ %126, %124 ] %146 = phi i8* [ %121, %120 ], [ %127, %124 ] %147 = icmp eq i8* %146, %10 br i1 %147, label %149, label %148 %150 = icmp eq i32 %145, 0 br i1 %150, label %155, label %151 %152 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %153 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %152, i64 0, i32 48 %154 = load i32, i32* %153, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.4.33519, i64 0, i64 0), i32 %154, i32 %145) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_ioctl 1 compat_i915_getparam 2 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.391273* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = call i8* @compat_alloc_user_space(i64 16) #69 %11 = ptrtoint i8* %10 to i64 %12 = call %struct.task_struct.391621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.391621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.391621**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.391621, %struct.task_struct.391621* %12, i64 0, i32 163, i32 17, i32 0 %14 = load i64, i64* %13, align 8 %15 = add i64 %14, -16 %16 = icmp ult i64 %15, %11 br i1 %16, label %33, label %17, !prof !5, !misexpect !6 %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 0 %19 = load i32, i32* %18, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %20 = bitcast i8* %10 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movl ${0:k},$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "ir,*m,X,~{dirflag},~{fpsr},~{flags}"(i32 %19, %struct.__large_struct* %20, i8* blockaddress(@compat_i915_getparam, %21)) #6 to label %22 [label %21], !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %23 = getelementptr inbounds %struct.util_est, %struct.util_est* %4, i64 0, i32 1 %24 = load i32, i32* %23, align 4 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %25 = getelementptr inbounds i8, i8* %10, i64 8 %26 = zext i32 %24 to i64 %27 = inttoptr i64 %26 to i32* %28 = bitcast i8* %25 to %struct.__large_struct* callbr void asm sideeffect "\0A1:\09movq $0,$1\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (${2:l}) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "er,*m,X,~{dirflag},~{fpsr},~{flags}"(i32* %27, %struct.__large_struct* %28, i8* blockaddress(@compat_i915_getparam, %32)) #6 to label %29 [label %32], !srcloc !10 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %30 = call i64 bitcast (i64 (%struct.file*, i32, i64)* @drm_ioctl to i64 (%struct.file.391273*, i32, i64)*)(%struct.file.391273* %0, i32 -1072667578, i64 %11) #69 Function:drm_ioctl %4 = alloca i32, align 4 %5 = alloca [128 x i8], align 16 %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.drm_file.364088** %8 = load %struct.drm_file.364088*, %struct.drm_file.364088** %7, align 8 %9 = and i32 %1, 255 %10 = getelementptr inbounds [128 x i8], [128 x i8]* %5, i64 0, i64 0 %11 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 11 %12 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %13 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %12, i64 0, i32 3 %14 = load %struct.drm_device.364137*, %struct.drm_device.364137** %13, align 8 %15 = bitcast i32* %4 to i8* %16 = call zeroext i1 bitcast (i1 (%struct.drm_device.365207*, i32*)* @drm_dev_enter to i1 (%struct.drm_device.364137*, i32*)*)(%struct.drm_device.364137* %14, i32* nonnull %4) #69 br i1 %16, label %18, label %17 %19 = load i32, i32* %4, align 4 call void @drm_dev_exit(i32 %19) #69 %20 = and i32 %1, 65280 %21 = icmp eq i32 %20, 25600 br i1 %21, label %22, label %157 %23 = add nsw i32 %9, -64 %24 = icmp ult i32 %23, 96 br i1 %24, label %25, label %42 %26 = getelementptr inbounds %struct.drm_device.364137, %struct.drm_device.364137* %14, i64 0, i32 4 %27 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %28 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %27, i64 0, i32 49 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %23, %29 br i1 %30, label %31, label %124 %32 = zext i32 %23 to i64 %33 = sext i32 %29 to i64 %34 = call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 %33, i64 %32) #6, !srcloc !4 %35 = trunc i64 %34 to i32 %36 = and i32 %23, %35 %37 = load %struct.drm_driver.364097*, %struct.drm_driver.364097** %26, align 8 %38 = getelementptr inbounds %struct.drm_driver.364097, %struct.drm_driver.364097* %37, i64 0, i32 48 %39 = load %struct.drm_ioctl_desc.362674*, %struct.drm_ioctl_desc.362674** %38, align 8 %40 = zext i32 %36 to i64 %41 = getelementptr %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %39, i64 %40 br label %51 %52 = phi i32 [ %48, %44 ], [ %9, %31 ] %53 = phi %struct.drm_ioctl_desc.362674* [ %50, %44 ], [ %41, %31 ] %54 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 0 %55 = load i32, i32* %54, align 8 %56 = lshr i32 %55, 16 %57 = and i32 %56, 16383 %58 = lshr i32 %1, 16 %59 = and i32 %58, 16383 %60 = and i32 %55, %1 %61 = and i32 %60, 1073741824 %62 = icmp eq i32 %61, 0 %63 = select i1 %62, i32 0, i32 %59 %64 = icmp slt i32 %60, 0 %65 = select i1 %64, i32 %59, i32 0 %66 = icmp ugt i32 %63, %65 %67 = select i1 %66, i32 %63, i32 %65 %68 = icmp ugt i32 %67, %57 %69 = select i1 %68, i32 %67, i32 %57 %70 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %71 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %70, i64 0, i32 48 %72 = load i32, i32* %71, align 8 %73 = load %struct.drm_minor.364086*, %struct.drm_minor.364086** %11, align 8 %74 = getelementptr inbounds %struct.drm_minor.364086, %struct.drm_minor.364086* %73, i64 0, i32 2 %75 = load %struct.device.364083*, %struct.device.364083** %74, align 8 %76 = getelementptr inbounds %struct.device.364083, %struct.device.364083* %75, i64 0, i32 27 %77 = load i32, i32* %76, align 4 %78 = lshr i32 %77, 20 %79 = shl nuw nsw i32 %78, 8 %80 = or i32 %79, %77 %81 = and i32 %80, 65535 %82 = zext i32 %81 to i64 %83 = getelementptr inbounds %struct.drm_file.364088, %struct.drm_file.364088* %8, i64 0, i32 0 %84 = load i8, i8* %83, align 8, !range !6 %85 = zext i8 %84 to i32 %86 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 3 %87 = load i8*, i8** %86, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([32 x i8], [32 x i8]* @.str.1.33516, i64 0, i64 0), i32 %72, i64 %82, i32 %85, i8* %87) #69 %88 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 2 %89 = bitcast {}** %88 to i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)** %90 = load i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)*, i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)** %89, align 8 %91 = icmp eq i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)* %90, null br i1 %91, label %92, label %93, !prof !7, !misexpect !8 %94 = icmp ult i32 %69, 129 br i1 %94, label %99, label %95 %100 = phi i8* [ %97, %95 ], [ %10, %93 ] %101 = inttoptr i64 %2 to i8* %102 = zext i32 %63 to i64 %103 = call i64 @_copy_from_user(i8* %100, i8* %101, i64 %102) #69 %104 = icmp eq i64 %103, 0 br i1 %104, label %105, label %120 %106 = icmp ugt i32 %69, %63 br i1 %106, label %107, label %111 %108 = getelementptr i8, i8* %100, i64 %102 %109 = sub nsw i32 %69, %63 %110 = zext i32 %109 to i64 br label %111 %112 = getelementptr inbounds %struct.drm_ioctl_desc.362674, %struct.drm_ioctl_desc.362674* %53, i64 0, i32 1 %113 = load i32, i32* %112, align 4 %114 = call i64 @drm_ioctl_kernel(%struct.file* %0, i32 (%struct.drm_device.364137*, i8*, %struct.drm_file.364088*)* nonnull %90, i8* %100, i32 %113) #70 %115 = trunc i64 %114 to i32 %116 = zext i32 %65 to i64 %117 = call i64 @_copy_to_user(i8* %101, i8* %100, i64 %116) #69 %118 = icmp eq i64 %117, 0 %119 = select i1 %118, i32 %115, i32 -14 br label %120 %121 = phi i8* [ null, %92 ], [ null, %95 ], [ %100, %99 ], [ %100, %111 ] %122 = phi i32 [ -22, %92 ], [ -12, %95 ], [ -14, %99 ], [ %119, %111 ] %123 = icmp eq %struct.drm_ioctl_desc.362674* %53, null br i1 %123, label %124, label %144 %145 = phi i32 [ %122, %120 ], [ %126, %124 ] %146 = phi i8* [ %121, %120 ], [ %127, %124 ] %147 = icmp eq i8* %146, %10 br i1 %147, label %149, label %148 %150 = icmp eq i32 %145, 0 br i1 %150, label %155, label %151 %152 = call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !5 %153 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %152, i64 0, i32 48 %154 = load i32, i32* %153, align 8 call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.4.33519, i64 0, i64 0), i32 %154, i32 %145) #69 ------------- Use: =BAD PATH= Call Stack: 0 drm_stub_open ------------- Path:  Function:drm_stub_open tail call void (i32, i8*, ...) @drm_dbg(i32 1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.33528, i64 0, i64 0)) #69 ------------- Good: 3551 Bad: 38 Ignored: 2987 Check Use of Function:pci_mmap_page_range Check Use of Function:netif_set_xps_queue Check Use of Function:find_get_context Check Use of Function:down_read_interruptible Check Use of Function:modify_user_hw_breakpoint_check Check Use of Function:mtrr_file_add Check Use of Function:alloc_netdev_mqs Check Use of Function:ipip6_tunnel_update Check Use of Function:add_partition Check Use of Function:disk_part_iter_init Check Use of Function:sr_block_ioctl Check Use of Function:disk_part_iter_next Check Use of Function:dm_pr_clear Check Use of Function:fsync_bdev Check Use of Function:disk_part_iter_exit Check Use of Function:sd_ioctl Check Use of Function:lo_ioctl Use: =BAD PATH= Call Stack: 0 lo_compat_ioctl ------------- Path:  Function:lo_compat_ioctl %5 = alloca %struct.loop_info64, align 8 %6 = alloca %struct.loop_info64, align 8 %7 = getelementptr inbounds %struct.block_device.519999, %struct.block_device.519999* %0, i64 0, i32 16 %8 = load %struct.gendisk.519998*, %struct.gendisk.519998** %7, align 8 %9 = getelementptr inbounds %struct.gendisk.519998, %struct.gendisk.519998* %8, i64 0, i32 11 %10 = bitcast i8** %9 to %struct.loop_device** %11 = load %struct.loop_device*, %struct.loop_device** %10, align 8 switch i32 %2, label %37 [ i32 19458, label %12 i32 19459, label %21 i32 19463, label %32 i32 19457, label %32 i32 19461, label %32 i32 19460, label %32 i32 19456, label %34 i32 19462, label %34 i32 19465, label %34 i32 19464, label %34 ] %35 = phi i64 [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %33, %32 ] %36 = tail call i32 @lo_ioctl(%struct.block_device.519999* %0, i32 %1, i32 %2, i64 %35) #70 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:delete_partition Check Use of Function:bitmap_free Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = bitcast i64* %7 to i8* %16 = load i64, i64* %3, align 8 store i64 %16, i64* %7, align 8 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = sext i32 %18 to i64 %20 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %21 = bitcast i8** %20 to i64*** %22 = load i64**, i64*** %21, align 8 %23 = load i64*, i64** %22, align 8 %24 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %26 = icmp ne i64* %23, null %27 = icmp ne i32 %18, 0 %28 = and i1 %27, %26 %29 = icmp ne i64 %16, 0 %30 = and i1 %29, %28 br i1 %30, label %31, label %36 %32 = load i64, i64* %4, align 8 %33 = icmp eq i64 %32, 0 %34 = icmp ne i32 %1, 0 %35 = or i1 %34, %33 br i1 %35, label %37, label %36 br i1 %34, label %40, label %38 %39 = getelementptr inbounds [22 x i8], [22 x i8]* %6, i64 0, i64 0 br label %148 %149 = phi i64 [ 0, %38 ], [ %156, %220 ] %150 = phi i1 [ true, %38 ], [ false, %220 ] %151 = phi i8* [ %2, %38 ], [ %222, %220 ] %152 = call i64 @find_next_bit(i64* nonnull %23, i64 %19, i64 %149) #69 %153 = icmp ult i64 %152, %19 br i1 %153, label %154, label %224 %155 = add nuw i64 %152, 1 %156 = call i64 @find_next_zero_bit(i64* nonnull %23, i64 %19, i64 %155) #69 %157 = add i64 %156, -1 %158 = load i64, i64* %7, align 8 %159 = icmp eq i64 %158, 0 %160 = or i1 %150, %159 br i1 %160, label %168, label %161 %162 = call i32 asm sideeffect "call __put_user_1", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 44, i8* %151) #6, !srcloc !4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %257, !prof !5, !misexpect !6 %165 = load i64, i64* %7, align 8 %166 = add i64 %165, -1 store i64 %166, i64* %7, align 8 %167 = getelementptr i8, i8* %151, i64 1 br label %168 %169 = phi i8* [ %151, %154 ], [ %167, %164 ] %170 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %39, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.144.5143, i64 0, i64 0), i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.146.5144, i64 0, i64 0), i64 %152) #69 %171 = call i64 @strlen(i8* nonnull %39) #69 %172 = shl i64 %171, 32 %173 = ashr exact i64 %172, 32 %174 = load i64, i64* %7, align 8 %175 = icmp ugt i64 %173, %174 %176 = select i1 %175, i64 %174, i64 %171 %177 = shl i64 %176, 32 %178 = ashr exact i64 %177, 32 %179 = icmp ugt i64 %178, 2147483647 br i1 %179, label %180, label %181, !prof !7, !misexpect !6 %182 = call i64 @_copy_to_user(i8* %169, i8* nonnull %39, i64 %178) #69 %183 = icmp eq i64 %182, 0 br i1 %183, label %185, label %184 %186 = load i64, i64* %7, align 8 %187 = sub i64 %186, %178 store i64 %187, i64* %7, align 8 %188 = getelementptr i8, i8* %169, i64 %178 %189 = icmp eq i64 %152, %157 br i1 %189, label %220, label %190 %191 = icmp eq i64 %187, 0 br i1 %191, label %199, label %192 %193 = call i32 asm sideeffect "call __put_user_1", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 45, i8* %188) #6, !srcloc !4 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %257, !prof !5, !misexpect !6 %258 = phi i32 [ %234, %233 ], [ 0, %251 ], [ -14, %227 ], [ -14, %184 ], [ -14, %215 ], [ -14, %161 ], [ -14, %192 ] %259 = phi i64* [ %54, %233 ], [ %239, %251 ], [ null, %227 ], [ null, %184 ], [ null, %215 ], [ null, %161 ], [ null, %192 ] call void @bitmap_free(i64* %259) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_do_large_bitmap ------------- Path:  Function:proc_do_large_bitmap %6 = alloca [22 x i8], align 16 %7 = alloca i64, align 8 %8 = alloca [3 x i8], align 1 %9 = alloca [3 x i8], align 1 %10 = alloca i8, align 1 %11 = alloca i8*, align 8 %12 = alloca i64, align 8 %13 = alloca i64, align 8 %14 = alloca i8, align 1 %15 = bitcast i64* %7 to i8* %16 = load i64, i64* %3, align 8 store i64 %16, i64* %7, align 8 %17 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = sext i32 %18 to i64 %20 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %21 = bitcast i8** %20 to i64*** %22 = load i64**, i64*** %21, align 8 %23 = load i64*, i64** %22, align 8 %24 = getelementptr inbounds [3 x i8], [3 x i8]* %8, i64 0, i64 0 %25 = getelementptr inbounds [3 x i8], [3 x i8]* %9, i64 0, i64 0 %26 = icmp ne i64* %23, null %27 = icmp ne i32 %18, 0 %28 = and i1 %27, %26 %29 = icmp ne i64 %16, 0 %30 = and i1 %29, %28 br i1 %30, label %31, label %36 %32 = load i64, i64* %4, align 8 %33 = icmp eq i64 %32, 0 %34 = icmp ne i32 %1, 0 %35 = or i1 %34, %33 br i1 %35, label %37, label %36 br i1 %34, label %40, label %38 %39 = getelementptr inbounds [22 x i8], [22 x i8]* %6, i64 0, i64 0 br label %148 %149 = phi i64 [ 0, %38 ], [ %156, %220 ] %150 = phi i1 [ true, %38 ], [ false, %220 ] %151 = phi i8* [ %2, %38 ], [ %222, %220 ] %152 = call i64 @find_next_bit(i64* nonnull %23, i64 %19, i64 %149) #69 %153 = icmp ult i64 %152, %19 br i1 %153, label %154, label %224 %155 = add nuw i64 %152, 1 %156 = call i64 @find_next_zero_bit(i64* nonnull %23, i64 %19, i64 %155) #69 %157 = add i64 %156, -1 %158 = load i64, i64* %7, align 8 %159 = icmp eq i64 %158, 0 %160 = or i1 %150, %159 br i1 %160, label %168, label %161 %162 = call i32 asm sideeffect "call __put_user_1", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 44, i8* %151) #6, !srcloc !4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %257, !prof !5, !misexpect !6 %165 = load i64, i64* %7, align 8 %166 = add i64 %165, -1 store i64 %166, i64* %7, align 8 %167 = getelementptr i8, i8* %151, i64 1 br label %168 %169 = phi i8* [ %151, %154 ], [ %167, %164 ] %170 = call i32 (i8*, i8*, ...) @sprintf(i8* nonnull %39, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.144.5143, i64 0, i64 0), i8* getelementptr inbounds ([1 x i8], [1 x i8]* @.str.146.5144, i64 0, i64 0), i64 %152) #69 %171 = call i64 @strlen(i8* nonnull %39) #69 %172 = shl i64 %171, 32 %173 = ashr exact i64 %172, 32 %174 = load i64, i64* %7, align 8 %175 = icmp ugt i64 %173, %174 %176 = select i1 %175, i64 %174, i64 %171 %177 = shl i64 %176, 32 %178 = ashr exact i64 %177, 32 %179 = icmp ugt i64 %178, 2147483647 br i1 %179, label %180, label %181, !prof !7, !misexpect !6 %182 = call i64 @_copy_to_user(i8* %169, i8* nonnull %39, i64 %178) #69 %183 = icmp eq i64 %182, 0 br i1 %183, label %185, label %184 %186 = load i64, i64* %7, align 8 %187 = sub i64 %186, %178 store i64 %187, i64* %7, align 8 %188 = getelementptr i8, i8* %169, i64 %178 %189 = icmp eq i64 %152, %157 br i1 %189, label %220, label %190 %191 = icmp eq i64 %187, 0 br i1 %191, label %199, label %192 %193 = call i32 asm sideeffect "call __put_user_1", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 45, i8* %188) #6, !srcloc !4 %194 = icmp eq i32 %193, 0 br i1 %194, label %195, label %257, !prof !5, !misexpect !6 %258 = phi i32 [ %234, %233 ], [ 0, %251 ], [ -14, %227 ], [ -14, %184 ], [ -14, %215 ], [ -14, %161 ], [ -14, %192 ] %259 = phi i64* [ %54, %233 ], [ %239, %251 ], [ null, %227 ], [ null, %184 ], [ null, %215 ], [ null, %161 ], [ null, %192 ] call void @bitmap_free(i64* %259) #69 ------------- Good: 53 Bad: 2 Ignored: 2 Check Use of Function:dm_pr_preempt Check Use of Function:exportfs_decode_fh Check Use of Function:security_task_getscheduler Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.54* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.54204* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.54204* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.54* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.54204* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.54204* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.54* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.54204* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.54204* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.anon.54** %7 = load %struct.anon.54*, %struct.anon.54** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.54* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %10 %11 = phi %struct.task_struct.54204* [ %7, %6 ], [ %9, %8 ] %12 = icmp eq %struct.task_struct.54204* %11, null br i1 %12, label %60, label %13 %14 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %26, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %26, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %5, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %5, 3 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %67 %15 = trunc i64 %0 to i32 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %17 = call i64 @sched_getaffinity(i32 %15, %struct.cpumask* nonnull %16) #69 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %8 %9 = phi %struct.task_struct.54204* [ %5, %4 ], [ %7, %6 ] %10 = icmp eq %struct.task_struct.54204* %9, null br i1 %10, label %22, label %11 %12 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %76, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.54204* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.54204* %25, null br i1 %26, label %73, label %27 %28 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %76, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %23 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %24 %25 = phi %struct.task_struct.54204* [ %21, %20 ], [ %23, %22 ] %26 = icmp eq %struct.task_struct.54204* %25, null br i1 %26, label %73, label %27 %28 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kuid_t* %2 to i8* %10 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = icmp eq i64 %7, 0 %12 = icmp slt i32 %8, 0 %13 = or i1 %12, %11 br i1 %13, label %42, label %14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %8, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %20 %21 = phi %struct.task_struct.54204* [ %17, %16 ], [ %19, %18 ] %22 = icmp eq %struct.task_struct.54204* %21, null br i1 %22, label %39, label %23 %24 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %21) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %12 %13 = phi %struct.task_struct.54204* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.54204* %13, null br i1 %14, label %27, label %15 %16 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kuid_t* %2 to i8* %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = icmp eq i64 %6, 0 %11 = icmp slt i32 %7, 0 %12 = or i1 %11, %10 br i1 %12, label %41, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = icmp eq i32 %7, 0 br i1 %14, label %17, label %15 %18 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %19 %20 = phi %struct.task_struct.54204* [ %16, %15 ], [ %18, %17 ] %21 = icmp eq %struct.task_struct.54204* %20, null br i1 %21, label %38, label %22 %23 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %20) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %11 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 br label %12 %13 = phi %struct.task_struct.54204* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.54204* %13, null br i1 %14, label %27, label %15 %16 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_getscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %13) #69 ------------- Good: 1 Bad: 13 Ignored: 1 Check Use of Function:truncate_inode_pages Check Use of Function:ext4_double_up_write_data_sem Check Use of Function:ext4_get_inode_loc Use: =BAD PATH= Call Stack: 0 ext4_read_inline_dir 1 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 16384 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %827 %14 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.ext4_sb_info** %16 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %15, align 32 %17 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %16, i64 0, i32 15 %18 = load %struct.ext4_super_block*, %struct.ext4_super_block** %17, align 8 %19 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %18, i64 0, i32 28 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 32 %22 = icmp eq i32 %21, 0 br i1 %22, label %531, label %23 %24 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 37 %25 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %24, i64 20 %26 = bitcast %struct.kuid_t* %25 to i64* %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %531, label %42 %43 = bitcast %struct.kuid_t* %24 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 29 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %531, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #69 %60 = icmp eq i8* %59, null br i1 %60, label %827, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %87 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %92 %71 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 0, i32 1 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 2 %75 = icmp eq i32 %74, 0 %76 = trunc i64 %57 to i32 %77 = shl i32 %76, 1 %78 = lshr i64 %57, 31 %79 = trunc i64 %78 to i32 %80 = and i32 %79, -2 %81 = select i1 %75, i32 %80, i32 %77 %82 = getelementptr inbounds i8, i8* %59, i64 32 %83 = bitcast i8* %82 to i32* store i32 %81, i32* %83, align 8 %84 = load i32, i32* %72, align 8 %85 = and i32 %84, 2 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %100 %99 = trunc i64 %57 to i32 br label %100 %101 = phi i32 [ %99, %98 ], [ 0, %70 ], [ 0, %87 ] %102 = getelementptr inbounds i8, i8* %59, i64 36 %103 = bitcast i8* %102 to i32* store i32 %101, i32* %103, align 4 store i8* %59, i8** %48, align 8 br label %104 %105 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %100 ] %106 = phi i32 [ %54, %52 ], [ %64, %100 ] %107 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %110 = and i32 %106, 512 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %122 %113 = and i32 %106, 1024 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %121 %116 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 1 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %121, label %122 br label %122 %123 = phi i64 [ 9223372036854775807, %121 ], [ 2147483647, %115 ], [ 2147483647, %104 ] %124 = icmp eq i64 %108, %123 br i1 %124, label %827, label %125 %126 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 3 %127 = load i64, i64* %126, align 8 %128 = icmp eq i64 %127, %108 br i1 %128, label %198, label %129 %199 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 2 %200 = load %struct.fname*, %struct.fname** %199, align 8 %201 = icmp eq %struct.fname* %200, null br i1 %201, label %272, label %202 %203 = load %struct.inode*, %struct.inode** %5, align 8 %204 = getelementptr inbounds %struct.inode, %struct.inode* %203, i64 0, i32 8 %205 = load %struct.super_block*, %struct.super_block** %204, align 8 %206 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 0 %207 = load i32, i32* %206, align 8 %208 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 1 %209 = load i32, i32* %208, align 4 br i1 %111, label %210, label %219 %211 = and i32 %106, 1024 %212 = icmp eq i32 %211, 0 br i1 %212, label %213, label %222 %214 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %215 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %214, i64 0, i32 0, i32 1 %216 = load i32, i32* %215, align 8 %217 = and i32 %216, 2 %218 = icmp eq i32 %217, 0 br i1 %218, label %222, label %219 %223 = lshr i32 %207, 1 %224 = zext i32 %223 to i64 %225 = shl nuw nsw i64 %224, 32 %226 = zext i32 %209 to i64 %227 = or i64 %225, %226 br label %228 %229 = phi i64 [ %221, %219 ], [ %227, %222 ] store i64 %229, i64* %107, align 8 %230 = getelementptr inbounds %struct.super_block, %struct.super_block* %205, i64 0, i32 28 %231 = bitcast i8** %230 to %struct.ext4_sb_info** %232 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %233 %234 = phi %struct.fname* [ %200, %228 ], [ %266, %264 ] %235 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 7, i64 0 %236 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 5 %237 = load i8, i8* %236, align 4 %238 = zext i8 %237 to i32 %239 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = zext i32 %240 to i64 %242 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 6 %243 = load i8, i8* %242, align 1 %244 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %231, align 32 %245 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %244, i64 0, i32 15 %246 = load %struct.ext4_super_block*, %struct.ext4_super_block** %245, align 8 %247 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %246, i64 0, i32 29 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 2 %250 = icmp eq i32 %249, 0 %251 = icmp ugt i8 %243, 7 %252 = or i1 %251, %250 br i1 %252, label %257, label %253 %254 = zext i8 %243 to i64 %255 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %254 %256 = load i8, i8* %255, align 1 br label %257 %258 = phi i8 [ %256, %253 ], [ 0, %233 ] %259 = zext i8 %258 to i32 %260 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %232, align 8 %261 = load i64, i64* %107, align 8 %262 = tail call i32 %260(%struct.dir_context* %1, i8* %235, i32 %238, i64 %261, i64 %241, i32 %259) #69 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %268 %265 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 3 %266 = load %struct.fname*, %struct.fname** %265, align 8 %267 = icmp eq %struct.fname* %266, null br i1 %267, label %271, label %233 store %struct.fname* null, %struct.fname** %199, align 8 br label %456 %457 = phi i32 [ 0, %271 ], [ %369, %384 ], [ %369, %449 ] %458 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %459 = load %struct.rb_node*, %struct.rb_node** %458, align 8 %460 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %459) #69 store %struct.rb_node* %460, %struct.rb_node** %458, align 8 %461 = icmp eq %struct.rb_node* %460, null %462 = bitcast %struct.rb_node* %460 to i8* br i1 %461, label %472, label %463 %473 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %474 = load i32, i32* %473, align 8 %475 = icmp eq i32 %474, -1 br i1 %475, label %476, label %492 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 store i32 %474, i32* %493, align 8 %494 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 store i32 0, i32* %494, align 4 br label %282 %283 = phi i8* [ %462, %463 ], [ %462, %492 ], [ %276, %272 ], [ %281, %277 ] %284 = phi %struct.rb_node* [ %460, %463 ], [ null, %492 ], [ %274, %272 ], [ %280, %277 ] %285 = phi i32 [ %457, %463 ], [ %457, %492 ], [ 0, %272 ], [ 0, %277 ] %286 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %287 = icmp eq %struct.rb_node* %284, null br i1 %287, label %295, label %288 %289 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %292 = load volatile i64, i64* %291, align 8 %293 = lshr i64 %292, 1 %294 = icmp eq i64 %293, %290 br i1 %294, label %367, label %295 store %struct.rb_node* null, %struct.rb_node** %286, align 8 %296 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0 %297 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %296) #69 %298 = icmp eq %struct.rb_node* %297, null %299 = getelementptr %struct.rb_node, %struct.rb_node* %297, i64 -1, i32 2 %300 = icmp eq %struct.rb_node** %299, null %301 = or i1 %298, %300 br i1 %301, label %321, label %302 %303 = bitcast %struct.rb_node** %299 to %struct.fname* br label %306 %307 = phi %struct.fname* [ %313, %304 ], [ %303, %302 ] %308 = getelementptr inbounds %struct.fname, %struct.fname* %307, i64 0, i32 2 %309 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %308) #69 %310 = icmp eq %struct.rb_node* %309, null %311 = getelementptr %struct.rb_node, %struct.rb_node* %309, i64 -1, i32 2 %312 = bitcast %struct.rb_node** %311 to %struct.fname* %313 = select i1 %310, %struct.fname* null, %struct.fname* %312 %314 = icmp eq %struct.fname* %307, null br i1 %314, label %304, label %315 %316 = phi %struct.fname* [ %318, %315 ], [ %307, %306 ] %317 = getelementptr inbounds %struct.fname, %struct.fname* %316, i64 0, i32 3 %318 = load %struct.fname*, %struct.fname** %317, align 8 %319 = bitcast %struct.fname* %316 to i8* tail call void @kfree(i8* nonnull %319) #69 %320 = icmp eq %struct.fname* %318, null br i1 %320, label %304, label %315 %305 = icmp eq %struct.fname* %313, null br i1 %305, label %321, label %306 %322 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %322, align 8 %323 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %324 = load volatile i64, i64* %323, align 8 br label %325 %326 = phi i64 [ %324, %321 ], [ %332, %330 ] %327 = and i64 %326, 1 %328 = icmp eq i64 %327, 0 br i1 %328, label %330, label %329 %331 = or i64 %326, 1 %332 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %323, i64 %331, i64 %326, i64* %323) #6, !srcloc !6 %333 = icmp eq i64 %332, %326 br i1 %333, label %334, label %325, !prof !7, !misexpect !8 %335 = lshr i64 %326, 1 %336 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %335, i64* %336, align 8 %337 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 %340 = load i32, i32* %339, align 4 %341 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %342 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %338, i32 %340, i32* %341) #69 %343 = icmp slt i32 %342, 0 br i1 %343, label %344, label %346 %345 = load i64, i64* %107, align 8 store i64 %345, i64* %126, align 8 br label %501 %502 = phi i32 [ %342, %344 ], [ %499, %497 ] %503 = icmp eq i32 %502, -4094 br i1 %503, label %504, label %827 %505 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %15, align 32 %506 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %505, i64 0, i32 15 %507 = load %struct.ext4_super_block*, %struct.ext4_super_block** %506, align 8 %508 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %507, i64 0, i32 30 %509 = load i32, i32* %508, align 4 %510 = and i32 %509, 1024 %511 = icmp eq i32 %510, 0 br i1 %511, label %528, label %512 %513 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %505, i64 0, i32 103 %514 = load %struct.crypto_shash*, %struct.crypto_shash** %513, align 16 %515 = icmp eq %struct.crypto_shash* %514, null br i1 %515, label %516, label %531, !prof !9, !misexpect !10 %532 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 37 %533 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %532, i64 20 %534 = bitcast %struct.kuid_t* %533 to i64* %535 = load volatile i64, i64* %534, align 8 %536 = and i64 %535, 268435456 %537 = icmp eq i64 %536, 0 br i1 %537, label %548, label %538 %539 = bitcast %struct.kuid_t* %532 to %struct.ext4_inode_info* %540 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %539, i64 0, i32 29 %541 = load i16, i16* %540, align 2 %542 = icmp eq i16 %541, 0 br i1 %542, label %548, label %543 %544 = bitcast i32* %3 to i8* store i32 1, i32* %3, align 4 %545 = call i32 bitcast (i32 (%struct.file.178565*, %struct.dir_context*, i32*)* @ext4_read_inline_dir to i32 (%struct.file*, %struct.dir_context*, i32*)*)(%struct.file* %0, %struct.dir_context* %1, i32* nonnull %3) #69 Function:ext4_read_inline_dir %4 = alloca %struct.ext4_iloc.178800, align 8 %5 = getelementptr inbounds %struct.file.178565, %struct.file.178565* %0, i64 0, i32 2 %6 = load %struct.inode.178704*, %struct.inode.178704** %5, align 8 %7 = bitcast %struct.ext4_iloc.178800* %4 to i8* %8 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode.178704*, %struct.ext4_iloc.178800*)*)(%struct.inode.178704* %6, %struct.ext4_iloc.178800* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_find_inline_entry 1 __ext4_find_entry 2 ext4_lookup ------------- Path:  Function:ext4_lookup %4 = alloca %struct.ext4_filename, align 8 %5 = alloca %struct.ext4_dir_entry_2*, align 8 %6 = bitcast %struct.ext4_dir_entry_2** %5 to i8* %7 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 0 %8 = bitcast %struct.anon.1* %7 to %struct.util_est* %9 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %10 = load i32, i32* %9, align 4 %11 = icmp ugt i32 %10, 255 br i1 %11, label %80, label %12 %13 = bitcast %struct.ext4_filename* %4 to i8* %14 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4 %15 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 0 store %struct.qstr* %14, %struct.qstr** %15, align 8 %16 = getelementptr inbounds %struct.dentry, %struct.dentry* %1, i64 0, i32 4, i32 1 %17 = bitcast i8** %16 to i64* %18 = load i64, i64* %17, align 8 %19 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1 %20 = bitcast %struct.uuidcmp* %19 to i64* store i64 %18, i64* %20, align 8 %21 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %4, i64 0, i32 1, i32 1 store i32 %10, i32* %21, align 8 %22 = call fastcc %struct.buffer_head* @__ext4_find_entry(%struct.inode* %0, %struct.ext4_filename* nonnull %4, %struct.ext4_dir_entry_2** nonnull %5, i32* null) #69 Function:__ext4_find_entry %5 = alloca [3 x %struct.dx_frame], align 16 %6 = alloca [8 x %struct.buffer_head*], align 16 %7 = alloca i32, align 4 %8 = bitcast [8 x %struct.buffer_head*]* %6 to i8* %9 = getelementptr inbounds %struct.ext4_filename, %struct.ext4_filename* %1, i64 0, i32 0 %10 = load %struct.qstr*, %struct.qstr** %9, align 8 %11 = getelementptr inbounds %struct.qstr, %struct.qstr* %10, i64 0, i32 1 %12 = load i8*, i8** %11, align 8 store %struct.ext4_dir_entry_2* null, %struct.ext4_dir_entry_2** %2, align 8 %13 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %14 = load %struct.super_block*, %struct.super_block** %13, align 8 %15 = bitcast %struct.ext4_filename* %1 to %struct.util_est** %16 = load %struct.util_est*, %struct.util_est** %15, align 8 %17 = getelementptr inbounds %struct.util_est, %struct.util_est* %16, i64 0, i32 1 %18 = load i32, i32* %17, align 4 %19 = icmp sgt i32 %18, 255 br i1 %19, label %450, label %20 %21 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %22 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %21, i64 20 %23 = bitcast %struct.kuid_t* %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = and i64 %24, 268435456 %26 = icmp eq i64 %25, 0 br i1 %26, label %42, label %27 %28 = bitcast %struct.kuid_t* %21 to %struct.ext4_inode_info* %29 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %28, i64 0, i32 29 %30 = load i16, i16* %29, align 2 %31 = icmp eq i16 %30, 0 br i1 %31, label %42, label %32 %33 = bitcast i32* %7 to i8* store i32 1, i32* %7, align 4 %34 = call %struct.buffer_head* bitcast (%struct.buffer_head.178799* (%struct.inode.178704*, %struct.ext4_filename*, %struct.ext4_dir_entry_2**, i32*)* @ext4_find_inline_entry to %struct.buffer_head* (%struct.inode*, %struct.ext4_filename*, %struct.ext4_dir_entry_2**, i32*)*)(%struct.inode* %0, %struct.ext4_filename* %1, %struct.ext4_dir_entry_2** %2, i32* nonnull %7) #69 Function:ext4_find_inline_entry %5 = alloca %struct.ext4_iloc.178800, align 8 %6 = bitcast %struct.ext4_iloc.178800* %5 to i8* %7 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode.178704*, %struct.ext4_iloc.178800*)*)(%struct.inode.178704* %0, %struct.ext4_iloc.178800* nonnull %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_inlinedir_to_tree 1 ext4_htree_fill_tree 2 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 16384 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %827 %14 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.ext4_sb_info** %16 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %15, align 32 %17 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %16, i64 0, i32 15 %18 = load %struct.ext4_super_block*, %struct.ext4_super_block** %17, align 8 %19 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %18, i64 0, i32 28 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 32 %22 = icmp eq i32 %21, 0 br i1 %22, label %531, label %23 %24 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 37 %25 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %24, i64 20 %26 = bitcast %struct.kuid_t* %25 to i64* %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %531, label %42 %43 = bitcast %struct.kuid_t* %24 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 29 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %531, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #69 %60 = icmp eq i8* %59, null br i1 %60, label %827, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %87 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %92 %71 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 0, i32 1 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 2 %75 = icmp eq i32 %74, 0 %76 = trunc i64 %57 to i32 %77 = shl i32 %76, 1 %78 = lshr i64 %57, 31 %79 = trunc i64 %78 to i32 %80 = and i32 %79, -2 %81 = select i1 %75, i32 %80, i32 %77 %82 = getelementptr inbounds i8, i8* %59, i64 32 %83 = bitcast i8* %82 to i32* store i32 %81, i32* %83, align 8 %84 = load i32, i32* %72, align 8 %85 = and i32 %84, 2 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %100 %99 = trunc i64 %57 to i32 br label %100 %101 = phi i32 [ %99, %98 ], [ 0, %70 ], [ 0, %87 ] %102 = getelementptr inbounds i8, i8* %59, i64 36 %103 = bitcast i8* %102 to i32* store i32 %101, i32* %103, align 4 store i8* %59, i8** %48, align 8 br label %104 %105 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %100 ] %106 = phi i32 [ %54, %52 ], [ %64, %100 ] %107 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %110 = and i32 %106, 512 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %122 %113 = and i32 %106, 1024 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %121 %116 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 1 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %121, label %122 br label %122 %123 = phi i64 [ 9223372036854775807, %121 ], [ 2147483647, %115 ], [ 2147483647, %104 ] %124 = icmp eq i64 %108, %123 br i1 %124, label %827, label %125 %126 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 3 %127 = load i64, i64* %126, align 8 %128 = icmp eq i64 %127, %108 br i1 %128, label %198, label %129 %199 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 2 %200 = load %struct.fname*, %struct.fname** %199, align 8 %201 = icmp eq %struct.fname* %200, null br i1 %201, label %272, label %202 %203 = load %struct.inode*, %struct.inode** %5, align 8 %204 = getelementptr inbounds %struct.inode, %struct.inode* %203, i64 0, i32 8 %205 = load %struct.super_block*, %struct.super_block** %204, align 8 %206 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 0 %207 = load i32, i32* %206, align 8 %208 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 1 %209 = load i32, i32* %208, align 4 br i1 %111, label %210, label %219 %211 = and i32 %106, 1024 %212 = icmp eq i32 %211, 0 br i1 %212, label %213, label %222 %214 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %215 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %214, i64 0, i32 0, i32 1 %216 = load i32, i32* %215, align 8 %217 = and i32 %216, 2 %218 = icmp eq i32 %217, 0 br i1 %218, label %222, label %219 %223 = lshr i32 %207, 1 %224 = zext i32 %223 to i64 %225 = shl nuw nsw i64 %224, 32 %226 = zext i32 %209 to i64 %227 = or i64 %225, %226 br label %228 %229 = phi i64 [ %221, %219 ], [ %227, %222 ] store i64 %229, i64* %107, align 8 %230 = getelementptr inbounds %struct.super_block, %struct.super_block* %205, i64 0, i32 28 %231 = bitcast i8** %230 to %struct.ext4_sb_info** %232 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %233 %234 = phi %struct.fname* [ %200, %228 ], [ %266, %264 ] %235 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 7, i64 0 %236 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 5 %237 = load i8, i8* %236, align 4 %238 = zext i8 %237 to i32 %239 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = zext i32 %240 to i64 %242 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 6 %243 = load i8, i8* %242, align 1 %244 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %231, align 32 %245 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %244, i64 0, i32 15 %246 = load %struct.ext4_super_block*, %struct.ext4_super_block** %245, align 8 %247 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %246, i64 0, i32 29 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 2 %250 = icmp eq i32 %249, 0 %251 = icmp ugt i8 %243, 7 %252 = or i1 %251, %250 br i1 %252, label %257, label %253 %254 = zext i8 %243 to i64 %255 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %254 %256 = load i8, i8* %255, align 1 br label %257 %258 = phi i8 [ %256, %253 ], [ 0, %233 ] %259 = zext i8 %258 to i32 %260 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %232, align 8 %261 = load i64, i64* %107, align 8 %262 = tail call i32 %260(%struct.dir_context* %1, i8* %235, i32 %238, i64 %261, i64 %241, i32 %259) #69 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %268 %265 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 3 %266 = load %struct.fname*, %struct.fname** %265, align 8 %267 = icmp eq %struct.fname* %266, null br i1 %267, label %271, label %233 store %struct.fname* null, %struct.fname** %199, align 8 br label %456 %457 = phi i32 [ 0, %271 ], [ %369, %384 ], [ %369, %449 ] %458 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %459 = load %struct.rb_node*, %struct.rb_node** %458, align 8 %460 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %459) #69 store %struct.rb_node* %460, %struct.rb_node** %458, align 8 %461 = icmp eq %struct.rb_node* %460, null %462 = bitcast %struct.rb_node* %460 to i8* br i1 %461, label %472, label %463 %473 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %474 = load i32, i32* %473, align 8 %475 = icmp eq i32 %474, -1 br i1 %475, label %476, label %492 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 store i32 %474, i32* %493, align 8 %494 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 store i32 0, i32* %494, align 4 br label %282 %283 = phi i8* [ %462, %463 ], [ %462, %492 ], [ %276, %272 ], [ %281, %277 ] %284 = phi %struct.rb_node* [ %460, %463 ], [ null, %492 ], [ %274, %272 ], [ %280, %277 ] %285 = phi i32 [ %457, %463 ], [ %457, %492 ], [ 0, %272 ], [ 0, %277 ] %286 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %287 = icmp eq %struct.rb_node* %284, null br i1 %287, label %295, label %288 %289 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %292 = load volatile i64, i64* %291, align 8 %293 = lshr i64 %292, 1 %294 = icmp eq i64 %293, %290 br i1 %294, label %367, label %295 store %struct.rb_node* null, %struct.rb_node** %286, align 8 %296 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0 %297 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %296) #69 %298 = icmp eq %struct.rb_node* %297, null %299 = getelementptr %struct.rb_node, %struct.rb_node* %297, i64 -1, i32 2 %300 = icmp eq %struct.rb_node** %299, null %301 = or i1 %298, %300 br i1 %301, label %321, label %302 %303 = bitcast %struct.rb_node** %299 to %struct.fname* br label %306 %307 = phi %struct.fname* [ %313, %304 ], [ %303, %302 ] %308 = getelementptr inbounds %struct.fname, %struct.fname* %307, i64 0, i32 2 %309 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %308) #69 %310 = icmp eq %struct.rb_node* %309, null %311 = getelementptr %struct.rb_node, %struct.rb_node* %309, i64 -1, i32 2 %312 = bitcast %struct.rb_node** %311 to %struct.fname* %313 = select i1 %310, %struct.fname* null, %struct.fname* %312 %314 = icmp eq %struct.fname* %307, null br i1 %314, label %304, label %315 %316 = phi %struct.fname* [ %318, %315 ], [ %307, %306 ] %317 = getelementptr inbounds %struct.fname, %struct.fname* %316, i64 0, i32 3 %318 = load %struct.fname*, %struct.fname** %317, align 8 %319 = bitcast %struct.fname* %316 to i8* tail call void @kfree(i8* nonnull %319) #69 %320 = icmp eq %struct.fname* %318, null br i1 %320, label %304, label %315 %305 = icmp eq %struct.fname* %313, null br i1 %305, label %321, label %306 %322 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %322, align 8 %323 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %324 = load volatile i64, i64* %323, align 8 br label %325 %326 = phi i64 [ %324, %321 ], [ %332, %330 ] %327 = and i64 %326, 1 %328 = icmp eq i64 %327, 0 br i1 %328, label %330, label %329 %331 = or i64 %326, 1 %332 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %323, i64 %331, i64 %326, i64* %323) #6, !srcloc !6 %333 = icmp eq i64 %332, %326 br i1 %333, label %334, label %325, !prof !7, !misexpect !8 %335 = lshr i64 %326, 1 %336 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %335, i64* %336, align 8 %337 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 %340 = load i32, i32* %339, align 4 %341 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %342 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %338, i32 %340, i32* %341) #69 Function:ext4_htree_fill_tree %5 = alloca %struct.dx_hash_info, align 8 %6 = alloca [3 x %struct.dx_frame], align 16 %7 = alloca %struct.uuidcmp, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.dx_hash_info* %5 to i8* %10 = bitcast [3 x %struct.dx_frame]* %6 to i8* %11 = bitcast %struct.uuidcmp* %7 to i8* %12 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %13 = load %struct.inode*, %struct.inode** %12, align 8 %14 = getelementptr %struct.inode, %struct.inode* %13, i64 -1, i32 37 %15 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %14, i64 20 %16 = bitcast %struct.kuid_t* %15 to i64* %17 = load volatile i64, i64* %16, align 8 %18 = and i64 %17, 4096 %19 = icmp eq i64 %18, 0 br i1 %19, label %20, label %54 %21 = getelementptr inbounds %struct.inode, %struct.inode* %13, i64 0, i32 8 %22 = load %struct.super_block*, %struct.super_block** %21, align 8 %23 = getelementptr inbounds %struct.super_block, %struct.super_block* %22, i64 0, i32 28 %24 = bitcast i8** %23 to %struct.ext4_sb_info** %25 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %24, align 32 %26 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %25, i64 0, i32 34 %27 = load i32, i32* %26, align 4 %28 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 2 store i32 %27, i32* %28, align 8 %29 = icmp slt i32 %27, 3 br i1 %29, label %30, label %34 %31 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %25, i64 0, i32 35 %32 = load i32, i32* %31, align 16 %33 = add i32 %32, %27 store i32 %33, i32* %28, align 8 br label %34 %35 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %25, i64 0, i32 33, i64 0 %36 = getelementptr inbounds %struct.dx_hash_info, %struct.dx_hash_info* %5, i64 0, i32 3 store i32* %35, i32** %36, align 8 %37 = load volatile i64, i64* %16, align 8 %38 = and i64 %37, 268435456 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = bitcast %struct.kuid_t* %14 to %struct.ext4_inode_info* %42 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %41, i64 0, i32 29 %43 = load i16, i16* %42, align 2 %44 = icmp eq i16 %43, 0 br i1 %44, label %52, label %45 %46 = bitcast i32* %8 to i8* store i32 1, i32* %8, align 4 %47 = call i32 bitcast (i32 (%struct.file.178565*, %struct.inode.178704*, i32, %struct.dx_hash_info*, i32, i32, i32*)* @ext4_inlinedir_to_tree to i32 (%struct.file*, %struct.inode*, i32, %struct.dx_hash_info*, i32, i32, i32*)*)(%struct.file* %0, %struct.inode* %13, i32 0, %struct.dx_hash_info* nonnull %5, i32 %1, i32 %2, i32* nonnull %8) #69 Function:ext4_inlinedir_to_tree %8 = alloca %struct.ext4_iloc.178800, align 8 %9 = alloca %struct.ext4_dir_entry_2, align 4 %10 = getelementptr inbounds %struct.ext4_dir_entry_2, %struct.ext4_dir_entry_2* %9, i64 0, i32 2 %11 = getelementptr inbounds %struct.ext4_dir_entry_2, %struct.ext4_dir_entry_2* %9, i64 0, i32 4 %12 = alloca %struct.uuidcmp, align 8 %13 = getelementptr inbounds %struct.file.178565, %struct.file.178565* %0, i64 0, i32 2 %14 = load %struct.inode.178704*, %struct.inode.178704** %13, align 8 %15 = bitcast %struct.ext4_iloc.178800* %8 to i8* %16 = bitcast %struct.ext4_dir_entry_2* %9 to i8* %17 = bitcast %struct.uuidcmp* %12 to i8* %18 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode.178704*, %struct.ext4_iloc.178800*)*)(%struct.inode.178704* %14, %struct.ext4_iloc.178800* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 _ext4_fiemap 1 ext4_get_es_cache 2 ext4_ioctl 3 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %803 = bitcast %struct.fiemap* %4 to i8* %804 = inttoptr i64 %2 to %struct.fiemap* %805 = bitcast %struct.fiemap_extent_info* %5 to i8* %806 = inttoptr i64 %2 to i8* %807 = call i64 @_copy_from_user(i8* nonnull %803, i8* %806, i64 32) #70 %808 = icmp eq i64 %807, 0 br i1 %808, label %809, label %867 %810 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 4 %811 = load i32, i32* %810, align 8 %812 = icmp ugt i32 %811, 76695844 br i1 %812, label %867, label %813 %814 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 0 %815 = load i64, i64* %814, align 8 %816 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 1 %817 = load i64, i64* %816, align 8 %818 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 4 %819 = load i64, i64* %818, align 32 %820 = icmp eq i64 %817, 0 br i1 %820, label %867, label %821 %822 = icmp ult i64 %819, %815 br i1 %822, label %867, label %823 %824 = icmp ult i64 %819, %817 %825 = sub i64 %819, %817 %826 = icmp ult i64 %825, %815 %827 = or i1 %824, %826 %828 = sub i64 %819, %815 %829 = select i1 %827, i64 %828, i64 %817 %830 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 2 %831 = load i32, i32* %830, align 8 %832 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 0 store i32 %831, i32* %832, align 8 %833 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 2 store i32 %811, i32* %833, align 8 %834 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %804, i64 0, i32 6, i64 0 %835 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 3 store %struct.fiemap_extent* %834, %struct.fiemap_extent** %835, align 8 %836 = icmp eq i32 %811, 0 br i1 %836, label %848, label %837 %838 = zext i32 %811 to i64 %839 = mul nuw nsw i64 %838, 56 %840 = call %struct.task_struct.179676* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.179676** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.179676**)) #10, !srcloc !20 %841 = getelementptr inbounds %struct.task_struct.179676, %struct.task_struct.179676* %840, i64 0, i32 163, i32 17, i32 0 %842 = load i64, i64* %841, align 8 %843 = ptrtoint %struct.fiemap_extent* %834 to i64 %844 = add i64 %839, %843 %845 = icmp ult i64 %844, %839 %846 = icmp ugt i64 %844, %842 %847 = or i1 %845, %846 br i1 %847, label %867, label %848, !prof !9, !misexpect !21 %849 = and i32 %831, 1 %850 = icmp eq i32 %849, 0 br i1 %850, label %856, label %851 %852 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 9 %853 = load %struct.address_space.179567*, %struct.address_space.179567** %852, align 8 %854 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.179567*)*)(%struct.address_space.179567* %853) #70 %855 = load i64, i64* %814, align 8 br label %856 %857 = phi i64 [ %815, %848 ], [ %855, %851 ] %858 = call i32 bitcast (i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64)* @ext4_get_es_cache to i32 (%struct.inode.179564*, %struct.fiemap_extent_info*, i64, i64)*)(%struct.inode.179564* %25, %struct.fiemap_extent_info* nonnull %5, i64 %857, i64 %829) #70 Function:ext4_get_es_cache %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 20 %7 = bitcast %struct.kuid_t* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 268435456 %10 = icmp eq i64 %9, 0 br i1 %10, label %26, label %11 %27 = tail call fastcc i32 @_ext4_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %3, i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* nonnull @ext4_fill_es_cache_info) #70 Function:_ext4_fiemap %6 = alloca %struct.ext4_iloc, align 8 %7 = alloca i32, align 4 %8 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 20 %10 = bitcast %struct.kuid_t* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 268435456 %13 = icmp eq i64 %12, 0 br i1 %13, label %24, label %14 %25 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %36 = load volatile i64, i64* %10, align 8 %37 = and i64 %36, 524288 %38 = icmp eq i64 %37, 0 %39 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_fiemap_extents %40 = and i1 %39, %38 br i1 %40, label %41, label %43 %44 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_es_cache_info %45 = select i1 %44, i32 2, i32 3 %46 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %120 %49 = load i32, i32* %25, align 8 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 %52 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %53 = load %struct.super_block*, %struct.super_block** %52, align 8 %54 = getelementptr inbounds %struct.super_block, %struct.super_block* %53, i64 0, i32 2 %55 = load i8, i8* %54, align 4 br i1 %51, label %107, label %56 %57 = load volatile i64, i64* %10, align 8 %58 = and i64 %57, 17179869184 %59 = icmp eq i64 %58, 0 br i1 %59, label %90, label %60 %61 = bitcast %struct.ext4_iloc* %6 to i8* %62 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode*, %struct.ext4_iloc*)*)(%struct.inode* %0, %struct.ext4_iloc* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 _ext4_fiemap 1 ext4_get_es_cache 2 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %803 = bitcast %struct.fiemap* %4 to i8* %804 = inttoptr i64 %2 to %struct.fiemap* %805 = bitcast %struct.fiemap_extent_info* %5 to i8* %806 = inttoptr i64 %2 to i8* %807 = call i64 @_copy_from_user(i8* nonnull %803, i8* %806, i64 32) #70 %808 = icmp eq i64 %807, 0 br i1 %808, label %809, label %867 %810 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 4 %811 = load i32, i32* %810, align 8 %812 = icmp ugt i32 %811, 76695844 br i1 %812, label %867, label %813 %814 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 0 %815 = load i64, i64* %814, align 8 %816 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 1 %817 = load i64, i64* %816, align 8 %818 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 4 %819 = load i64, i64* %818, align 32 %820 = icmp eq i64 %817, 0 br i1 %820, label %867, label %821 %822 = icmp ult i64 %819, %815 br i1 %822, label %867, label %823 %824 = icmp ult i64 %819, %817 %825 = sub i64 %819, %817 %826 = icmp ult i64 %825, %815 %827 = or i1 %824, %826 %828 = sub i64 %819, %815 %829 = select i1 %827, i64 %828, i64 %817 %830 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 2 %831 = load i32, i32* %830, align 8 %832 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 0 store i32 %831, i32* %832, align 8 %833 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 2 store i32 %811, i32* %833, align 8 %834 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %804, i64 0, i32 6, i64 0 %835 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 3 store %struct.fiemap_extent* %834, %struct.fiemap_extent** %835, align 8 %836 = icmp eq i32 %811, 0 br i1 %836, label %848, label %837 %838 = zext i32 %811 to i64 %839 = mul nuw nsw i64 %838, 56 %840 = call %struct.task_struct.179676* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.179676** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.179676**)) #10, !srcloc !20 %841 = getelementptr inbounds %struct.task_struct.179676, %struct.task_struct.179676* %840, i64 0, i32 163, i32 17, i32 0 %842 = load i64, i64* %841, align 8 %843 = ptrtoint %struct.fiemap_extent* %834 to i64 %844 = add i64 %839, %843 %845 = icmp ult i64 %844, %839 %846 = icmp ugt i64 %844, %842 %847 = or i1 %845, %846 br i1 %847, label %867, label %848, !prof !9, !misexpect !21 %849 = and i32 %831, 1 %850 = icmp eq i32 %849, 0 br i1 %850, label %856, label %851 %852 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 9 %853 = load %struct.address_space.179567*, %struct.address_space.179567** %852, align 8 %854 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.179567*)*)(%struct.address_space.179567* %853) #70 %855 = load i64, i64* %814, align 8 br label %856 %857 = phi i64 [ %815, %848 ], [ %855, %851 ] %858 = call i32 bitcast (i32 (%struct.inode*, %struct.fiemap_extent_info*, i64, i64)* @ext4_get_es_cache to i32 (%struct.inode.179564*, %struct.fiemap_extent_info*, i64, i64)*)(%struct.inode.179564* %25, %struct.fiemap_extent_info* nonnull %5, i64 %857, i64 %829) #70 Function:ext4_get_es_cache %5 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %6 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %5, i64 20 %7 = bitcast %struct.kuid_t* %6 to i64* %8 = load volatile i64, i64* %7, align 8 %9 = and i64 %8, 268435456 %10 = icmp eq i64 %9, 0 br i1 %10, label %26, label %11 %27 = tail call fastcc i32 @_ext4_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %3, i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* nonnull @ext4_fill_es_cache_info) #70 Function:_ext4_fiemap %6 = alloca %struct.ext4_iloc, align 8 %7 = alloca i32, align 4 %8 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 20 %10 = bitcast %struct.kuid_t* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 268435456 %13 = icmp eq i64 %12, 0 br i1 %13, label %24, label %14 %25 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %36 = load volatile i64, i64* %10, align 8 %37 = and i64 %36, 524288 %38 = icmp eq i64 %37, 0 %39 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_fiemap_extents %40 = and i1 %39, %38 br i1 %40, label %41, label %43 %44 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_es_cache_info %45 = select i1 %44, i32 2, i32 3 %46 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %120 %49 = load i32, i32* %25, align 8 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 %52 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %53 = load %struct.super_block*, %struct.super_block** %52, align 8 %54 = getelementptr inbounds %struct.super_block, %struct.super_block* %53, i64 0, i32 2 %55 = load i8, i8* %54, align 4 br i1 %51, label %107, label %56 %57 = load volatile i64, i64* %10, align 8 %58 = and i64 %57, 17179869184 %59 = icmp eq i64 %58, 0 br i1 %59, label %90, label %60 %61 = bitcast %struct.ext4_iloc* %6 to i8* %62 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode*, %struct.ext4_iloc*)*)(%struct.inode* %0, %struct.ext4_iloc* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 _ext4_fiemap 1 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = tail call fastcc i32 @_ext4_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %3, i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* nonnull @ext4_fill_fiemap_extents) #69 Function:_ext4_fiemap %6 = alloca %struct.ext4_iloc, align 8 %7 = alloca i32, align 4 %8 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 20 %10 = bitcast %struct.kuid_t* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 268435456 %13 = icmp eq i64 %12, 0 br i1 %13, label %24, label %14 %25 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %36 = load volatile i64, i64* %10, align 8 %37 = and i64 %36, 524288 %38 = icmp eq i64 %37, 0 %39 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_fiemap_extents %40 = and i1 %39, %38 br i1 %40, label %41, label %43 %44 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_es_cache_info %45 = select i1 %44, i32 2, i32 3 %46 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %120 %49 = load i32, i32* %25, align 8 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 %52 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %53 = load %struct.super_block*, %struct.super_block** %52, align 8 %54 = getelementptr inbounds %struct.super_block, %struct.super_block* %53, i64 0, i32 2 %55 = load i8, i8* %54, align 4 br i1 %51, label %107, label %56 %57 = load volatile i64, i64* %10, align 8 %58 = and i64 %57, 17179869184 %59 = icmp eq i64 %58, 0 br i1 %59, label %90, label %60 %61 = bitcast %struct.ext4_iloc* %6 to i8* %62 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode*, %struct.ext4_iloc*)*)(%struct.inode* %0, %struct.ext4_iloc* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 _ext4_fiemap 1 ext4_fiemap ------------- Path:  Function:ext4_fiemap %5 = tail call fastcc i32 @_ext4_fiemap(%struct.inode* %0, %struct.fiemap_extent_info* %1, i64 %2, i64 %3, i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* nonnull @ext4_fill_fiemap_extents) #69 Function:_ext4_fiemap %6 = alloca %struct.ext4_iloc, align 8 %7 = alloca i32, align 4 %8 = getelementptr %struct.inode, %struct.inode* %0, i64 -1, i32 37 %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %8, i64 20 %10 = bitcast %struct.kuid_t* %9 to i64* %11 = load volatile i64, i64* %10, align 8 %12 = and i64 %11, 268435456 %13 = icmp eq i64 %12, 0 br i1 %13, label %24, label %14 %25 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %1, i64 0, i32 0 %26 = load i32, i32* %25, align 8 %27 = and i32 %26, 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %36 = load volatile i64, i64* %10, align 8 %37 = and i64 %36, 524288 %38 = icmp eq i64 %37, 0 %39 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_fiemap_extents %40 = and i1 %39, %38 br i1 %40, label %41, label %43 %44 = icmp eq i32 (%struct.inode*, i32, i32, %struct.fiemap_extent_info*)* %4, @ext4_fill_es_cache_info %45 = select i1 %44, i32 2, i32 3 %46 = call i32 @fiemap_check_flags(%struct.fiemap_extent_info* %1, i32 %45) #69 %47 = icmp eq i32 %46, 0 br i1 %47, label %48, label %120 %49 = load i32, i32* %25, align 8 %50 = and i32 %49, 2 %51 = icmp eq i32 %50, 0 %52 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %53 = load %struct.super_block*, %struct.super_block** %52, align 8 %54 = getelementptr inbounds %struct.super_block, %struct.super_block* %53, i64 0, i32 2 %55 = load i8, i8* %54, align 4 br i1 %51, label %107, label %56 %57 = load volatile i64, i64* %10, align 8 %58 = and i64 %57, 17179869184 %59 = icmp eq i64 %58, 0 br i1 %59, label %90, label %60 %61 = bitcast %struct.ext4_iloc* %6 to i8* %62 = call i32 bitcast (i32 (%struct.inode.179231*, %struct.ext4_iloc.179266*)* @ext4_get_inode_loc to i32 (%struct.inode*, %struct.ext4_iloc*)*)(%struct.inode* %0, %struct.ext4_iloc* nonnull %6) #69 ------------- Good: 61 Bad: 7 Ignored: 58 Check Use of Function:ext4_reserve_inode_write Check Use of Function:__dquot_transfer Check Use of Function:ext4_mark_iloc_dirty Check Use of Function:security_sid_to_context_force Check Use of Function:file_update_time Check Use of Function:exit_sem Check Use of Function:tcf_proto_signal_destroying Check Use of Function:rtnetlink_send Check Use of Function:tcf_fill_node Check Use of Function:kernfs_iop_rename Check Use of Function:dev_ifsioc Check Use of Function:ext4_ext_tree_init Check Use of Function:bad_inode_rename2 Check Use of Function:vfat_rename Check Use of Function:mtrr_del Use: =BAD PATH= Call Stack: 0 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 ------------- Good: 1 Bad: 1 Ignored: 1 Check Use of Function:__is_local_mountpoint Check Use of Function:__get_locked_pte Check Use of Function:rt6_lookup Check Use of Function:tty_vhangup_self Check Use of Function:security_msg_queue_msgctl Use: =BAD PATH= Call Stack: 0 __se_sys_msgctl 1 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_msgctl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %19 = bitcast %struct.msginfo* %5 to i8* %20 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_msgctl 1 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_msgctl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %19 = bitcast %struct.msginfo* %5 to i8* %20 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_old_msgctl ------------- Path:  Function:__ia32_compat_sys_old_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = and i32 %10, 256 %13 = and i32 %10, -257 %14 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %13, i8* %11, i32 %12) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %24, i64 0, i32 97 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 8 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 compat_ksys_old_msgctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %75 = zext i32 %4 to i64 %76 = inttoptr i64 %75 to i8* %77 = tail call i64 @compat_ksys_old_msgctl(i32 %1, i32 %2, i8* %76) #69 Function:compat_ksys_old_msgctl %4 = and i32 %1, 256 %5 = and i32 %1, -257 %6 = tail call fastcc i64 @compat_ksys_msgctl(i32 %0, i32 %5, i8* %2, i32 %4) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %24, i64 0, i32 97 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 8 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11, i32 256) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %24, i64 0, i32 97 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 8 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 __se_sys_msgctl 2 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_msgctl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %24, i64 0, i32 97 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 8 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 __se_sys_msgctl 2 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_msgctl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %24 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !5 %25 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %24, i64 0, i32 97 %26 = load %struct.audit_context*, %struct.audit_context** %25, align 8 %27 = icmp eq %struct.audit_context* %26, null br i1 %27, label %36, label %28 %29 = bitcast %struct.audit_context* %26 to i32* %30 = load i32, i32* %29, align 4 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %36, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %36 %37 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_ksys_msgctl 1 __ia32_compat_sys_old_msgctl ------------- Path:  Function:__ia32_compat_sys_old_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = and i32 %10, 256 %13 = and i32 %10, -257 %14 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %13, i8* %11, i32 %12) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %20 = bitcast %struct.msginfo* %8 to i8* %21 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_ksys_msgctl 1 compat_ksys_old_msgctl 2 compat_ksys_ipc 3 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %75 = zext i32 %4 to i64 %76 = inttoptr i64 %75 to i8* %77 = tail call i64 @compat_ksys_old_msgctl(i32 %1, i32 %2, i8* %76) #69 Function:compat_ksys_old_msgctl %4 = and i32 %1, 256 %5 = and i32 %1, -257 %6 = tail call fastcc i64 @compat_ksys_msgctl(i32 %0, i32 %5, i8* %2, i32 %4) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %20 = bitcast %struct.msginfo* %8 to i8* %21 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_ksys_msgctl 1 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11, i32 256) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %20 = bitcast %struct.msginfo* %8 to i8* %21 = tail call i32 @security_msg_queue_msgctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Good: 1 Bad: 10 Ignored: 0 Check Use of Function:simple_rmdir Check Use of Function:udp_abort Check Use of Function:path_mountpoint Check Use of Function:alloc_file_clone Check Use of Function:__tcf_chain_get Check Use of Function:freeque Check Use of Function:xt_find_table_lock Check Use of Function:security_sem_semctl Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_old_semctl ------------- Path:  Function:__ia32_compat_sys_old_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = and i32 %12, 256 %15 = and i32 %12, -257 %16 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %15, i32 %13, i32 %14) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 compat_ksys_old_semctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %27 = icmp eq i32 %4, 0 br i1 %27, label %110, label %28 %30 = zext i32 %4 to i64 %31 = inttoptr i64 %30 to i32* %32 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %31, i64 4, i64 %29) #6, !srcloc !4 %33 = extractvalue { i32*, i64, i64 } %32, 0 %34 = extractvalue { i32*, i64, i64 } %32, 2 %35 = ptrtoint i32* %33 to i64 %36 = and i64 %35, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %110, !prof !5, !misexpect !6 %39 = extractvalue { i32*, i64, i64 } %32, 1 %40 = trunc i64 %39 to i32 %41 = tail call i64 @compat_ksys_old_semctl(i32 %1, i32 %2, i32 %3, i32 %40) #69 Function:compat_ksys_old_semctl %5 = and i32 %2, 256 %6 = and i32 %2, -257 %7 = tail call fastcc i64 @compat_ksys_semctl(i32 %0, i32 %1, i32 %6, i32 %3, i32 %5) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13, i32 256) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 __se_sys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_semctl(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %22 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %8, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 __se_sys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_semctl(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %22 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %8, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %25 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %37, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %37, !prof !6, !misexpect !7 tail call void @__audit_ipc_obj(%struct.kern_ipc_perm* %22) #69 br label %37 %38 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* %22, i32 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 compat_ksys_semctl 2 __ia32_compat_sys_old_semctl ------------- Path:  Function:__ia32_compat_sys_old_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = and i32 %12, 256 %15 = and i32 %12, -257 %16 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %15, i32 %13, i32 %14) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %21 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace.243034* %16, i32 %2, i8* %10) #69 Function:semctl_info %4 = alloca %struct.seminfo, align 4 %5 = bitcast %struct.seminfo* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 compat_ksys_semctl 2 compat_ksys_old_semctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %27 = icmp eq i32 %4, 0 br i1 %27, label %110, label %28 %30 = zext i32 %4 to i64 %31 = inttoptr i64 %30 to i32* %32 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %31, i64 4, i64 %29) #6, !srcloc !4 %33 = extractvalue { i32*, i64, i64 } %32, 0 %34 = extractvalue { i32*, i64, i64 } %32, 2 %35 = ptrtoint i32* %33 to i64 %36 = and i64 %35, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %110, !prof !5, !misexpect !6 %39 = extractvalue { i32*, i64, i64 } %32, 1 %40 = trunc i64 %39 to i32 %41 = tail call i64 @compat_ksys_old_semctl(i32 %1, i32 %2, i32 %3, i32 %40) #69 Function:compat_ksys_old_semctl %5 = and i32 %2, 256 %6 = and i32 %2, -257 %7 = tail call fastcc i64 @compat_ksys_semctl(i32 %0, i32 %1, i32 %6, i32 %3, i32 %5) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %21 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace.243034* %16, i32 %2, i8* %10) #69 Function:semctl_info %4 = alloca %struct.seminfo, align 4 %5 = bitcast %struct.seminfo* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13, i32 256) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %21 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace.243034* %16, i32 %2, i8* %10) #69 Function:semctl_info %4 = alloca %struct.seminfo, align 4 %5 = bitcast %struct.seminfo* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 __se_sys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_semctl(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %19 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace.243034* %17, i32 %8, i8* %9) #69 Function:semctl_info %4 = alloca %struct.seminfo, align 4 %5 = bitcast %struct.seminfo* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_info 1 __se_sys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_semctl(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %19 = tail call fastcc i32 @semctl_info(%struct.ipc_namespace.243034* %17, i32 %8, i8* %9) #69 Function:semctl_info %4 = alloca %struct.seminfo, align 4 %5 = bitcast %struct.seminfo* %4 to i8* %6 = tail call i32 @security_sem_semctl(%struct.kern_ipc_perm* null, i32 %1) #69 ------------- Good: 3 Bad: 10 Ignored: 0 Check Use of Function:stack_trace_save_tsk Check Use of Function:drm_syncobj_open Check Use of Function:lock_two_nondirectories Check Use of Function:mmc_ioctl_cdrom_play_msf Check Use of Function:do_symlinkat Use: =BAD PATH= Call Stack: 0 __ia32_sys_symlink ------------- Path:  Function:__ia32_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i64 @do_symlinkat(i8* %8, i32 -100, i8* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_symlink ------------- Path:  Function:__x64_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i64 @do_symlinkat(i8* %4, i32 -100, i8* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_symlinkat ------------- Path:  Function:__ia32_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i8* %13 = tail call i64 @do_symlinkat(i8* %10, i32 %11, i8* %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_symlinkat ------------- Path:  Function:__x64_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %6 to i32 %11 = tail call i64 @do_symlinkat(i8* %4, i32 %10, i8* %9) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:io_cqring_add_event Check Use of Function:lock_mount Check Use of Function:inet_addr_type_table Check Use of Function:free_msg Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __ia32_sys_mq_timedreceive_time32 ------------- Path:  Function:__ia32_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.245632*)*)(%struct.inode.245632* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.54* %104 to i8* %112 = bitcast %struct.anon.54* %105 to i8* %113 = bitcast %struct.anon.54* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.245736** %141 = load %struct.task_struct.245736*, %struct.task_struct.245736** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.54204*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.245736*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.245736* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __x64_sys_mq_timedreceive_time32 ------------- Path:  Function:__x64_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %35 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %35, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %35 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = and i64 %9, 4294967295 %33 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %32, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.245632*)*)(%struct.inode.245632* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.54* %104 to i8* %112 = bitcast %struct.anon.54* %105 to i8* %113 = bitcast %struct.anon.54* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.245736** %141 = load %struct.task_struct.245736*, %struct.task_struct.245736** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.54204*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.245736*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.245736* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.54* %24 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.245632*)*)(%struct.inode.245632* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.54* %104 to i8* %112 = bitcast %struct.anon.54* %105 to i8* %113 = bitcast %struct.anon.54* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.245736** %141 = load %struct.task_struct.245736*, %struct.task_struct.245736** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.54204*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.245736*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.245736* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mq_timedreceive 1 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.54* %20 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %54 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 8 %55 = load i32, i32* %54, align 4 %56 = and i32 %55, 1 %57 = icmp eq i32 %56, 0 br i1 %57, label %174, label %58, !prof !4, !misexpect !6 %59 = getelementptr inbounds i8*, i8** %44, i64 80 %60 = bitcast i8** %59 to i64* %61 = load i64, i64* %60, align 8 %62 = icmp ugt i64 %61, %2 br i1 %62, label %174, label %63, !prof !4, !misexpect !6 %64 = getelementptr inbounds i8*, i8** %44, i64 77 %65 = bitcast i8** %64 to %struct.posix_msg_tree_node** %66 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %67 = icmp eq %struct.posix_msg_tree_node* %66, null br i1 %67, label %68, label %72 %73 = phi %struct.posix_msg_tree_node* [ null, %63 ], [ %71, %68 ] %74 = bitcast i8** %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %74) #69 %75 = load %struct.posix_msg_tree_node*, %struct.posix_msg_tree_node** %65, align 8 %76 = icmp eq %struct.posix_msg_tree_node* %75, null %77 = icmp ne %struct.posix_msg_tree_node* %73, null %78 = and i1 %77, %76 br i1 %78, label %79, label %84 %85 = bitcast %struct.posix_msg_tree_node* %73 to i8* tail call void @kfree(i8* %85) #69 br label %86 %87 = getelementptr inbounds i8*, i8** %44, i64 81 %88 = bitcast i8** %87 to i64* %89 = load i64, i64* %88, align 8 %90 = icmp eq i64 %89, 0 br i1 %90, label %91, label %98 %99 = bitcast %struct.wake_q_head* %8 to i8* %100 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %100, align 8 %101 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %8, i64 0, i32 1 store %struct.wake_q_node** %100, %struct.wake_q_node*** %101, align 8 %102 = call fastcc %struct.msg_msg* @msg_get(%struct.mqueue_inode_info* %45) #70 %103 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 15 %104 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 16 %105 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17 %106 = call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.245632*)*)(%struct.inode.245632* %39) #69 %107 = extractvalue { i64, i64 } %106, 0 %108 = extractvalue { i64, i64 } %106, 1 %109 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 0 store i64 %107, i64* %109, align 8 %110 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %39, i64 0, i32 17, i32 1 store i64 %108, i64* %110, align 8 %111 = bitcast %struct.anon.54* %104 to i8* %112 = bitcast %struct.anon.54* %105 to i8* %113 = bitcast %struct.anon.54* %103 to i8* %114 = getelementptr i8*, i8** %44, i64 101 %115 = bitcast i8** %114 to %struct.list_head* %116 = getelementptr i8*, i8** %44, i64 102 %117 = bitcast i8** %116 to %struct.list_head** %118 = load %struct.list_head*, %struct.list_head** %117, align 8 %119 = icmp eq %struct.list_head* %118, %115 %120 = getelementptr %struct.list_head, %struct.list_head* %118, i64 -1, i32 1 %121 = icmp eq %struct.list_head** %120, null %122 = or i1 %119, %121 br i1 %122, label %123, label %126 %127 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 3 %128 = bitcast %struct.list_head** %127 to %struct.msg_msg** %129 = load %struct.msg_msg*, %struct.msg_msg** %128, align 8 %130 = call fastcc i32 @msg_insert(%struct.msg_msg* %129, %struct.mqueue_inode_info* %45) #69 %131 = icmp eq i32 %130, 0 br i1 %131, label %132, label %144 %133 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 1 %134 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 2 %135 = load %struct.list_head*, %struct.list_head** %134, align 8 %136 = load %struct.list_head*, %struct.list_head** %133, align 8 %137 = getelementptr inbounds %struct.list_head, %struct.list_head* %136, i64 0, i32 1 store %struct.list_head* %135, %struct.list_head** %137, align 8 %138 = ptrtoint %struct.list_head* %136 to i64 %139 = bitcast %struct.list_head* %135 to i64* store volatile i64 %138, i64* %139, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %133, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %134, align 8 %140 = bitcast %struct.list_head** %120 to %struct.task_struct.245736** %141 = load %struct.task_struct.245736*, %struct.task_struct.245736** %140, align 8 call void bitcast (void (%struct.wake_q_head*, %struct.task_struct.54204*)* @wake_q_add to void (%struct.wake_q_head*, %struct.task_struct.245736*)*)(%struct.wake_q_head* nonnull %8, %struct.task_struct.245736* %141) #69 %142 = getelementptr inbounds %struct.list_head*, %struct.list_head** %120, i64 4 %143 = bitcast %struct.list_head** %142 to i32* store i32 1, i32* %143, align 8 br label %144 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %145 = bitcast i8** %44 to i8* store volatile i8 0, i8* %145, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 call void @wake_up_q(%struct.wake_q_head* nonnull %8) #69 br label %154 %155 = phi %struct.msg_msg* [ %102, %144 ], [ %152, %146 ] %156 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 2 %157 = load i64, i64* %156, align 8 %158 = icmp eq i32* %3, null br i1 %158, label %167, label %159 %160 = getelementptr inbounds %struct.msg_msg, %struct.msg_msg* %155, i64 0, i32 1 %161 = load i64, i64* %160, align 8 %162 = trunc i64 %161 to i32 %163 = call i32 asm sideeffect "call __put_user_4", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i32 %162, i32* nonnull %3) #6, !srcloc !10 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %171, !prof !7, !misexpect !6 %166 = load i64, i64* %156, align 8 br label %167 %168 = phi i64 [ %166, %165 ], [ %157, %154 ] %169 = call i32 @store_msg(i8* %1, %struct.msg_msg* %155, i64 %168) #69 %170 = icmp eq i32 %169, 0 br i1 %170, label %172, label %171 %173 = phi i64 [ -14, %171 ], [ %157, %167 ] call void @free_msg(%struct.msg_msg* %155) #69 ------------- Good: 5 Bad: 4 Ignored: 0 Check Use of Function:may_delete Check Use of Function:import_single_range Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %177 = zext i32 %91 to i64 %178 = inttoptr i64 %177 to i8* %179 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %180 = load i32, i32* %179, align 8 %181 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %182 = load i32, i32* %181, align 4 %183 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %184 = load i32, i32* %183, align 16 %185 = zext i32 %184 to i64 %186 = inttoptr i64 %185 to %struct.sys_desc_table* %187 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %188 = load i32, i32* %187, align 4 %189 = zext i32 %188 to i64 %190 = inttoptr i64 %189 to i32* %191 = zext i32 %180 to i64 %192 = or i32 %182, -2147483648 %193 = call i32 @__sys_recvfrom(i32 %89, i8* %178, i64 %191, i32 %192, %struct.sys_desc_table* %186, i32* %190) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recvfrom ------------- Path:  Function:__ia32_compat_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = or i32 %20, -2147483648 %24 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %23, %struct.sys_desc_table* %21, i32* %22) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_compat_sys_recv ------------- Path:  Function:__ia32_compat_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = or i32 %14, -2147483648 %16 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %15, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %132 = trunc i64 %39 to i32 %133 = inttoptr i64 %41 to i8* %134 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %135 = load i64, i64* %134, align 16 %136 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %137 = load i64, i64* %136, align 8 %138 = trunc i64 %137 to i32 %139 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %140 = bitcast i64* %139 to %struct.sys_desc_table** %141 = load %struct.sys_desc_table*, %struct.sys_desc_table** %140, align 16 %142 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %143 = bitcast i64* %142 to i32** %144 = load i32*, i32** %143, align 8 %145 = call i32 @__sys_recvfrom(i32 %132, i8* %133, i64 %135, i32 %138, %struct.sys_desc_table* %141, i32* %144) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %132 = trunc i64 %39 to i32 %133 = inttoptr i64 %41 to i8* %134 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %135 = load i64, i64* %134, align 16 %136 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %137 = load i64, i64* %136, align 8 %138 = trunc i64 %137 to i32 %139 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %140 = bitcast i64* %139 to %struct.sys_desc_table** %141 = load %struct.sys_desc_table*, %struct.sys_desc_table** %140, align 16 %142 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %143 = bitcast i64* %142 to i32** %144 = load i32*, i32** %143, align 8 %145 = call i32 @__sys_recvfrom(i32 %132, i8* %133, i64 %135, i32 %138, %struct.sys_desc_table* %141, i32* %144) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recv ------------- Path:  Function:__ia32_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_recvfrom(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recv ------------- Path:  Function:__x64_sys_recv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_recvfrom(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32* null) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __ia32_sys_recvfrom ------------- Path:  Function:__ia32_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = and i64 %16, 4294967295 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %6 to i8* %20 = trunc i64 %11 to i32 %21 = inttoptr i64 %14 to %struct.sys_desc_table* %22 = inttoptr i64 %17 to i32* %23 = tail call i32 @__sys_recvfrom(i32 %18, i8* %19, i64 %9, i32 %20, %struct.sys_desc_table* %21, i32* %22) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_recvfrom 1 __x64_sys_recvfrom ------------- Path:  Function:__x64_sys_recvfrom %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = bitcast i64* %14 to i32** %16 = load i32*, i32** %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %10 to i32 %19 = tail call i32 @__sys_recvfrom(i32 %17, i8* %6, i64 %8, i32 %18, %struct.sys_desc_table* %13, i32* %16) #69 Function:__sys_recvfrom %7 = alloca %struct.iovec, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.__kernel_sockaddr_storage, align 8 %10 = bitcast %struct.iovec* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.__kernel_sockaddr_storage* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 0, i8* %1, i64 %2, %struct.iovec* nonnull %7, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %152 = zext i32 %91 to i64 %153 = inttoptr i64 %152 to i8* %154 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %155 = load i32, i32* %154, align 8 %156 = zext i32 %155 to i64 %157 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %158 = load i32, i32* %157, align 4 %159 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %160 = load i32, i32* %159, align 16 %161 = zext i32 %160 to i64 %162 = inttoptr i64 %161 to %struct.sys_desc_table* %163 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 5 %164 = load i32, i32* %163, align 4 %165 = call i32 @__sys_sendto(i32 %89, i8* %153, i64 %156, i32 %158, %struct.sys_desc_table* %162, i32 %164) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %108 = trunc i64 %39 to i32 %109 = inttoptr i64 %41 to i8* %110 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %111 = load i64, i64* %110, align 16 %112 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %113 = load i64, i64* %112, align 8 %114 = trunc i64 %113 to i32 %115 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %116 = bitcast i64* %115 to %struct.sys_desc_table** %117 = load %struct.sys_desc_table*, %struct.sys_desc_table** %116, align 16 %118 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %119 = load i64, i64* %118, align 8 %120 = trunc i64 %119 to i32 %121 = call i32 @__sys_sendto(i32 %108, i8* %109, i64 %111, i32 %114, %struct.sys_desc_table* %117, i32 %120) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __se_sys_socketcall 2 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %108 = trunc i64 %39 to i32 %109 = inttoptr i64 %41 to i8* %110 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %111 = load i64, i64* %110, align 16 %112 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 3 %113 = load i64, i64* %112, align 8 %114 = trunc i64 %113 to i32 %115 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 4 %116 = bitcast i64* %115 to %struct.sys_desc_table** %117 = load %struct.sys_desc_table*, %struct.sys_desc_table** %116, align 16 %118 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 5 %119 = load i64, i64* %118, align 8 %120 = trunc i64 %119 to i32 %121 = call i32 @__sys_sendto(i32 %108, i8* %109, i64 %111, i32 %114, %struct.sys_desc_table* %117, i32 %120) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_send ------------- Path:  Function:__ia32_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %11 to i32 %15 = tail call i32 @__sys_sendto(i32 %12, i8* %13, i64 %9, i32 %14, %struct.sys_desc_table* null, i32 0) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_send ------------- Path:  Function:__x64_sys_send %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %10 to i32 %13 = tail call i32 @__sys_sendto(i32 %11, i8* %6, i64 %8, i32 %12, %struct.sys_desc_table* null, i32 0) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __ia32_sys_sendto ------------- Path:  Function:__ia32_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = inttoptr i64 %6 to i8* %19 = trunc i64 %11 to i32 %20 = inttoptr i64 %14 to %struct.sys_desc_table* %21 = trunc i64 %16 to i32 %22 = tail call i32 @__sys_sendto(i32 %17, i8* %18, i64 %9, i32 %19, %struct.sys_desc_table* %20, i32 %21) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __sys_sendto 1 __x64_sys_sendto ------------- Path:  Function:__x64_sys_sendto %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = bitcast i64* %11 to %struct.sys_desc_table** %13 = load %struct.sys_desc_table*, %struct.sys_desc_table** %12, align 8 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %10 to i32 %18 = trunc i64 %15 to i32 %19 = tail call i32 @__sys_sendto(i32 %16, i8* %6, i64 %8, i32 %17, %struct.sys_desc_table* %13, i32 %18) #69 Function:__sys_sendto %7 = alloca %struct.__kernel_sockaddr_storage, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = alloca %struct.iovec, align 8 %10 = bitcast %struct.__kernel_sockaddr_storage* %7 to i8* %11 = bitcast %struct.msghdr.250942* %8 to i8* %12 = bitcast %struct.iovec* %9 to i8* %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %8, i64 0, i32 2 %14 = call i32 @import_single_range(i32 1, i8* %1, i64 %2, %struct.iovec* nonnull %9, %struct.iov_iter* %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getrandom ------------- Path:  Function:__ia32_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %11 to i32 %14 = bitcast %struct.iov_iter* %2 to i8* %15 = bitcast %struct.iovec* %3 to i8* %16 = icmp ugt i32 %13, 7 %17 = and i32 %13, 6 %18 = icmp eq i32 %17, 6 %19 = or i1 %16, %18 br i1 %19, label %41, label %20 %21 = load i32, i32* @crng_init, align 4 %22 = icmp ult i32 %21, 2 %23 = and i32 %13, 4 %24 = icmp eq i32 %23, 0 %25 = and i1 %24, %22 br i1 %25, label %26, label %34, !prof !4, !misexpect !5 %27 = and i32 %13, 1 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %41 %30 = tail call i32 @wait_for_random_bytes() #69 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32, !prof !6, !misexpect !7 %35 = call i32 @import_single_range(i32 0, i8* %12, i64 %9, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getrandom ------------- Path:  Function:__x64_sys_getrandom %2 = alloca %struct.iov_iter, align 8 %3 = alloca %struct.iovec, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %10 to i32 %12 = bitcast %struct.iov_iter* %2 to i8* %13 = bitcast %struct.iovec* %3 to i8* %14 = icmp ugt i32 %11, 7 %15 = and i32 %11, 6 %16 = icmp eq i32 %15, 6 %17 = or i1 %14, %16 br i1 %17, label %39, label %18 %19 = load i32, i32* @crng_init, align 4 %20 = icmp ult i32 %19, 2 %21 = and i32 %11, 4 %22 = icmp eq i32 %21, 0 %23 = and i1 %22, %20 br i1 %23, label %24, label %32, !prof !4, !misexpect !5 %25 = and i32 %11, 1 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %39 %28 = tail call i32 @wait_for_random_bytes() #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30, !prof !6, !misexpect !7 %33 = call i32 @import_single_range(i32 0, i8* %6, i64 %8, %struct.iovec* nonnull %3, %struct.iov_iter* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_instantiate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %55 = inttoptr i64 %12 to i8* %56 = tail call i64 @keyctl_instantiate_key(i32 %20, i8* %55, i64 %15, i32 %23) #69 Function:keyctl_instantiate_key %5 = alloca %struct.iovec, align 8 %6 = alloca %struct.iov_iter, align 8 %7 = icmp ne i8* %1, null %8 = icmp ne i64 %2, 0 %9 = and i1 %7, %8 br i1 %9, label %10, label %21 %11 = bitcast %struct.iovec* %5 to i8* %12 = bitcast %struct.iov_iter* %6 to i8* %13 = call i32 @import_single_range(i32 1, i8* nonnull %1, i64 %2, %struct.iovec* nonnull %5, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %153 = trunc i64 %1 to i32 %154 = trunc i64 %4 to i32 %155 = icmp ne i64 %2, 0 %156 = icmp ne i64 %3, 0 %157 = and i1 %155, %156 br i1 %157, label %158, label %170 %159 = inttoptr i64 %2 to i8* %160 = bitcast %struct.iovec* %9 to i8* %161 = bitcast %struct.iov_iter* %10 to i8* %162 = call i32 @import_single_range(i32 1, i8* nonnull %159, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %153 = trunc i64 %1 to i32 %154 = trunc i64 %4 to i32 %155 = icmp ne i64 %2, 0 %156 = icmp ne i64 %3, 0 %157 = and i1 %155, %156 br i1 %157, label %158, label %170 %159 = inttoptr i64 %2 to i8* %160 = bitcast %struct.iovec* %9 to i8* %161 = bitcast %struct.iov_iter* %10 to i8* %162 = call i32 @import_single_range(i32 1, i8* nonnull %159, i64 %3, %struct.iovec* nonnull %9, %struct.iov_iter* nonnull %10) #69 ------------- Good: 7 Bad: 23 Ignored: 7 Check Use of Function:ext4_trim_fs Check Use of Function:set_fs_pwd Check Use of Function:nfs_swap_activate Check Use of Function:__ftrace_trace_stack Check Use of Function:mq_leaf Check Use of Function:proc_net_d_revalidate Check Use of Function:__efivar_entry_delete Check Use of Function:free_compound_page Check Use of Function:uart_shutdown Check Use of Function:fs_context_for_mount Check Use of Function:pin_insert Check Use of Function:track_pfn_insert Check Use of Function:wbinvd_on_cpu Check Use of Function:nfs_weak_revalidate Check Use of Function:sockfs_xattr_get Check Use of Function:task_set_jobctl_pending Check Use of Function:signal_wake_up_state Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_wait4 4 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_compat_sys_waitid 5 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_sys_waitid 5 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ptrace_unlink 1 wait_consider_task 2 do_wait 3 kernel_waitid 4 __se_sys_waitid 5 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 ------------- Good: 19 Bad: 8 Ignored: 48 Check Use of Function:swsusp_free Check Use of Function:proc_ptrace_connector Check Use of Function:ext4_mark_inode_dirty Check Use of Function:vfs_get_tree Check Use of Function:jbd2_journal_abort Check Use of Function:tid_fd_revalidate Check Use of Function:nfs_lookup Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.194676, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.194676* %7 to i8* %15 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %18 = load %struct.inode.195275*, %struct.inode.195275** %17, align 8 %19 = icmp eq %struct.inode.195275* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %28 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 268435456 %31 = icmp eq i32 %30, 0 br i1 %31, label %306, label %237 %238 = phi %struct.dentry.195278* [ %92, %182 ], [ %92, %175 ], [ %92, %175 ], [ %1, %27 ] %239 = phi i32 [ 0, %182 ], [ 0, %175 ], [ 0, %175 ], [ 258, %27 ] %240 = phi i8 [ %94, %182 ], [ %94, %175 ], [ %94, %175 ], [ 0, %27 ] %241 = call %struct.dentry.195278* @nfs_lookup(%struct.inode.195275* %0, %struct.dentry.195278* %238, i32 %239) #70 ------------- Good: 0 Bad: 1 Ignored: 4 Check Use of Function:xt_compat_match_from_user Check Use of Function:path_init Check Use of Function:__mnt_want_write Check Use of Function:do_sys_open Use: =BAD PATH= Call Stack: 0 __ia32_sys_creat ------------- Path:  Function:__ia32_sys_creat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_sys_open(i32 -100, i8* %7, i32 33345, i16 zeroext %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_creat ------------- Path:  Function:__x64_sys_creat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_sys_open(i32 -100, i8* %4, i32 33345, i16 zeroext %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_openat ------------- Path:  Function:__ia32_compat_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i16 %15 = tail call i64 @do_sys_open(i32 %11, i8* %12, i32 %13, i16 zeroext %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_open ------------- Path:  Function:__ia32_compat_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_sys_open(i32 -100, i8* %9, i32 %10, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_openat ------------- Path:  Function:__ia32_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i16 %15 = or i32 %13, 32768 %16 = tail call i64 @do_sys_open(i32 %11, i8* %12, i32 %15, i16 zeroext %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_openat ------------- Path:  Function:__x64_sys_openat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i16 %14 = or i32 %12, 32768 %15 = tail call i64 @do_sys_open(i32 %11, i8* %6, i32 %14, i16 zeroext %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_open ------------- Path:  Function:__ia32_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i16 %12 = or i32 %10, 32768 %13 = tail call i64 @do_sys_open(i32 -100, i8* %9, i32 %12, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_open ------------- Path:  Function:__x64_sys_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i16 %11 = or i32 %9, 32768 %12 = tail call i64 @do_sys_open(i32 -100, i8* %4, i32 %11, i16 zeroext %10) #69 ------------- Good: 5 Bad: 8 Ignored: 0 Check Use of Function:freeary Check Use of Function:do_mknodat Use: =BAD PATH= Call Stack: 0 __ia32_sys_mknod ------------- Path:  Function:__ia32_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i32 %12 = tail call i64 @do_mknodat(i32 -100, i8* %9, i16 zeroext %10, i32 %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mknod ------------- Path:  Function:__x64_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i32 %11 = tail call i64 @do_mknodat(i32 -100, i8* %4, i16 zeroext %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_mknodat ------------- Path:  Function:__ia32_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i16 %14 = trunc i64 %10 to i32 %15 = tail call i64 @do_mknodat(i32 %11, i8* %12, i16 zeroext %13, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mknodat ------------- Path:  Function:__x64_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i16 %13 = trunc i64 %10 to i32 %14 = tail call i64 @do_mknodat(i32 %11, i8* %6, i16 zeroext %12, i32 %13) #69 ------------- Good: 5 Bad: 4 Ignored: 0 Check Use of Function:__ext4_msg Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %233 = bitcast %struct.efi_memory_desc_t* %17 to i8* %234 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 8 %235 = load i32, i32* %234, align 4 %236 = and i32 %235, 3 %237 = icmp eq i32 %236, 3 br i1 %237, label %238, label %287 %239 = inttoptr i64 %2 to i8* %240 = call i64 @_copy_from_user(i8* nonnull %233, i8* %239, i64 40) #70 %241 = icmp eq i64 %240, 0 br i1 %241, label %242, label %287 %243 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %17, i64 0, i32 5 store i64 0, i64* %243, align 8 %244 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %17, i64 0, i32 1 %245 = load i32, i32* %244, align 4 %246 = call i64 @__fdget(i32 %245) #70 %247 = and i64 %246, -4 %248 = inttoptr i64 %247 to %struct.file.179403* %249 = icmp eq i64 %247, 0 br i1 %249, label %287, label %250 %251 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %248, i64 0, i32 8 %252 = load i32, i32* %251, align 4 %253 = and i32 %252, 2 %254 = icmp eq i32 %253, 0 br i1 %254, label %280, label %255 %256 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 28 %257 = bitcast i8** %256 to %struct.ext4_sb_info.179720** %258 = load %struct.ext4_sb_info.179720*, %struct.ext4_sb_info.179720** %257, align 32 %259 = getelementptr inbounds %struct.ext4_sb_info.179720, %struct.ext4_sb_info.179720* %258, i64 0, i32 15 %260 = load %struct.ext4_super_block*, %struct.ext4_super_block** %259, align 8 %261 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %260, i64 0, i32 30 %262 = load i32, i32* %261, align 4 %263 = and i32 %262, 512 %264 = icmp eq i32 %263, 0 br i1 %264, label %266, label %265 call void (%struct.super_block.179547*, i8*, i8*, ...) bitcast (void (%struct.super_block.183404*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.179547*, i8*, i8*, ...)*)(%struct.super_block.179547* %27, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.18019, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.3.18021, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %233 = bitcast %struct.efi_memory_desc_t* %17 to i8* %234 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 8 %235 = load i32, i32* %234, align 4 %236 = and i32 %235, 3 %237 = icmp eq i32 %236, 3 br i1 %237, label %238, label %287 %239 = inttoptr i64 %2 to i8* %240 = call i64 @_copy_from_user(i8* nonnull %233, i8* %239, i64 40) #70 %241 = icmp eq i64 %240, 0 br i1 %241, label %242, label %287 %243 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %17, i64 0, i32 5 store i64 0, i64* %243, align 8 %244 = getelementptr inbounds %struct.efi_memory_desc_t, %struct.efi_memory_desc_t* %17, i64 0, i32 1 %245 = load i32, i32* %244, align 4 %246 = call i64 @__fdget(i32 %245) #70 %247 = and i64 %246, -4 %248 = inttoptr i64 %247 to %struct.file.179403* %249 = icmp eq i64 %247, 0 br i1 %249, label %287, label %250 %251 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %248, i64 0, i32 8 %252 = load i32, i32* %251, align 4 %253 = and i32 %252, 2 %254 = icmp eq i32 %253, 0 br i1 %254, label %280, label %255 %256 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 28 %257 = bitcast i8** %256 to %struct.ext4_sb_info.179720** %258 = load %struct.ext4_sb_info.179720*, %struct.ext4_sb_info.179720** %257, align 32 %259 = getelementptr inbounds %struct.ext4_sb_info.179720, %struct.ext4_sb_info.179720* %258, i64 0, i32 15 %260 = load %struct.ext4_super_block*, %struct.ext4_super_block** %259, align 8 %261 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %260, i64 0, i32 30 %262 = load i32, i32* %261, align 4 %263 = and i32 %262, 512 %264 = icmp eq i32 %263, 0 br i1 %264, label %266, label %265 call void (%struct.super_block.179547*, i8*, i8*, ...) bitcast (void (%struct.super_block.183404*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block.179547*, i8*, i8*, ...)*)(%struct.super_block.179547* %27, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.1.18019, i64 0, i64 0), i8* getelementptr inbounds ([42 x i8], [42 x i8]* @.str.3.18021, i64 0, i64 0)) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_readdir ------------- Path:  Function:ext4_readdir %3 = alloca i32, align 4 %4 = alloca %struct.hw_perf_event_extra, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 8 %8 = load %struct.super_block*, %struct.super_block** %7, align 8 %9 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 4 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 16384 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %827 %14 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 28 %15 = bitcast i8** %14 to %struct.ext4_sb_info** %16 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %15, align 32 %17 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %16, i64 0, i32 15 %18 = load %struct.ext4_super_block*, %struct.ext4_super_block** %17, align 8 %19 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %18, i64 0, i32 28 %20 = load i32, i32* %19, align 4 %21 = and i32 %20, 32 %22 = icmp eq i32 %21, 0 br i1 %22, label %531, label %23 %24 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 37 %25 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %24, i64 20 %26 = bitcast %struct.kuid_t* %25 to i64* %27 = load volatile i64, i64* %26, align 8 %28 = and i64 %27, 4096 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %47 %31 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 14 %32 = load i64, i64* %31, align 8 %33 = getelementptr inbounds %struct.super_block, %struct.super_block* %8, i64 0, i32 2 %34 = load i8, i8* %33, align 4 %35 = zext i8 %34 to i64 %36 = ashr i64 %32, %35 %37 = icmp eq i64 %36, 1 br i1 %37, label %47, label %38 %39 = load volatile i64, i64* %26, align 8 %40 = and i64 %39, 268435456 %41 = icmp eq i64 %40, 0 br i1 %41, label %531, label %42 %43 = bitcast %struct.kuid_t* %24 to %struct.ext4_inode_info* %44 = getelementptr inbounds %struct.ext4_inode_info, %struct.ext4_inode_info* %43, i64 0, i32 29 %45 = load i16, i16* %44, align 2 %46 = icmp eq i16 %45, 0 br i1 %46, label %531, label %47 %48 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %49 = bitcast i8** %48 to %struct.dir_private_info** %50 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %51 = icmp eq %struct.dir_private_info* %50, null br i1 %51, label %55, label %52 %56 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %57 = load i64, i64* %56, align 8 %58 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 6), align 16 %59 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %58, i32 3520, i64 48) #69 %60 = icmp eq i8* %59, null br i1 %60, label %827, label %61 %62 = bitcast i8* %59 to %struct.dir_private_info* %63 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %64 = load i32, i32* %63, align 4 %65 = and i32 %64, 512 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %87 %68 = and i32 %64, 1024 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %92 %71 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %72 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %71, i64 0, i32 0, i32 1 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 2 %75 = icmp eq i32 %74, 0 %76 = trunc i64 %57 to i32 %77 = shl i32 %76, 1 %78 = lshr i64 %57, 31 %79 = trunc i64 %78 to i32 %80 = and i32 %79, -2 %81 = select i1 %75, i32 %80, i32 %77 %82 = getelementptr inbounds i8, i8* %59, i64 32 %83 = bitcast i8* %82 to i32* store i32 %81, i32* %83, align 8 %84 = load i32, i32* %72, align 8 %85 = and i32 %84, 2 %86 = icmp eq i32 %85, 0 br i1 %86, label %98, label %100 %99 = trunc i64 %57 to i32 br label %100 %101 = phi i32 [ %99, %98 ], [ 0, %70 ], [ 0, %87 ] %102 = getelementptr inbounds i8, i8* %59, i64 36 %103 = bitcast i8* %102 to i32* store i32 %101, i32* %103, align 4 store i8* %59, i8** %48, align 8 br label %104 %105 = phi %struct.dir_private_info* [ %50, %52 ], [ %62, %100 ] %106 = phi i32 [ %54, %52 ], [ %64, %100 ] %107 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %108 = load i64, i64* %107, align 8 %109 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %110 = and i32 %106, 512 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %122 %113 = and i32 %106, 1024 %114 = icmp eq i32 %113, 0 br i1 %114, label %115, label %121 %116 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %117 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %116, i64 0, i32 0, i32 1 %118 = load i32, i32* %117, align 8 %119 = and i32 %118, 2 %120 = icmp eq i32 %119, 0 br i1 %120, label %121, label %122 br label %122 %123 = phi i64 [ 9223372036854775807, %121 ], [ 2147483647, %115 ], [ 2147483647, %104 ] %124 = icmp eq i64 %108, %123 br i1 %124, label %827, label %125 %126 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 3 %127 = load i64, i64* %126, align 8 %128 = icmp eq i64 %127, %108 br i1 %128, label %198, label %129 %199 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 2 %200 = load %struct.fname*, %struct.fname** %199, align 8 %201 = icmp eq %struct.fname* %200, null br i1 %201, label %272, label %202 %203 = load %struct.inode*, %struct.inode** %5, align 8 %204 = getelementptr inbounds %struct.inode, %struct.inode* %203, i64 0, i32 8 %205 = load %struct.super_block*, %struct.super_block** %204, align 8 %206 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 0 %207 = load i32, i32* %206, align 8 %208 = getelementptr inbounds %struct.fname, %struct.fname* %200, i64 0, i32 1 %209 = load i32, i32* %208, align 4 br i1 %111, label %210, label %219 %211 = and i32 %106, 1024 %212 = icmp eq i32 %211, 0 br i1 %212, label %213, label %222 %214 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %215 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %214, i64 0, i32 0, i32 1 %216 = load i32, i32* %215, align 8 %217 = and i32 %216, 2 %218 = icmp eq i32 %217, 0 br i1 %218, label %222, label %219 %223 = lshr i32 %207, 1 %224 = zext i32 %223 to i64 %225 = shl nuw nsw i64 %224, 32 %226 = zext i32 %209 to i64 %227 = or i64 %225, %226 br label %228 %229 = phi i64 [ %221, %219 ], [ %227, %222 ] store i64 %229, i64* %107, align 8 %230 = getelementptr inbounds %struct.super_block, %struct.super_block* %205, i64 0, i32 28 %231 = bitcast i8** %230 to %struct.ext4_sb_info** %232 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %233 %234 = phi %struct.fname* [ %200, %228 ], [ %266, %264 ] %235 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 7, i64 0 %236 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 5 %237 = load i8, i8* %236, align 4 %238 = zext i8 %237 to i32 %239 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 4 %240 = load i32, i32* %239, align 8 %241 = zext i32 %240 to i64 %242 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 6 %243 = load i8, i8* %242, align 1 %244 = load %struct.ext4_sb_info*, %struct.ext4_sb_info** %231, align 32 %245 = getelementptr inbounds %struct.ext4_sb_info, %struct.ext4_sb_info* %244, i64 0, i32 15 %246 = load %struct.ext4_super_block*, %struct.ext4_super_block** %245, align 8 %247 = getelementptr inbounds %struct.ext4_super_block, %struct.ext4_super_block* %246, i64 0, i32 29 %248 = load i32, i32* %247, align 8 %249 = and i32 %248, 2 %250 = icmp eq i32 %249, 0 %251 = icmp ugt i8 %243, 7 %252 = or i1 %251, %250 br i1 %252, label %257, label %253 %254 = zext i8 %243 to i64 %255 = getelementptr [8 x i8], [8 x i8]* @ext4_filetype_table, i64 0, i64 %254 %256 = load i8, i8* %255, align 1 br label %257 %258 = phi i8 [ %256, %253 ], [ 0, %233 ] %259 = zext i8 %258 to i32 %260 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %232, align 8 %261 = load i64, i64* %107, align 8 %262 = tail call i32 %260(%struct.dir_context* %1, i8* %235, i32 %238, i64 %261, i64 %241, i32 %259) #69 %263 = icmp eq i32 %262, 0 br i1 %263, label %264, label %268 %265 = getelementptr inbounds %struct.fname, %struct.fname* %234, i64 0, i32 3 %266 = load %struct.fname*, %struct.fname** %265, align 8 %267 = icmp eq %struct.fname* %266, null br i1 %267, label %271, label %233 store %struct.fname* null, %struct.fname** %199, align 8 br label %456 %457 = phi i32 [ 0, %271 ], [ %369, %384 ], [ %369, %449 ] %458 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %459 = load %struct.rb_node*, %struct.rb_node** %458, align 8 %460 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %459) #69 store %struct.rb_node* %460, %struct.rb_node** %458, align 8 %461 = icmp eq %struct.rb_node* %460, null %462 = bitcast %struct.rb_node* %460 to i8* br i1 %461, label %472, label %463 %473 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %474 = load i32, i32* %473, align 8 %475 = icmp eq i32 %474, -1 br i1 %475, label %476, label %492 %493 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 store i32 %474, i32* %493, align 8 %494 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 store i32 0, i32* %494, align 4 br label %282 %283 = phi i8* [ %462, %463 ], [ %462, %492 ], [ %276, %272 ], [ %281, %277 ] %284 = phi %struct.rb_node* [ %460, %463 ], [ null, %492 ], [ %274, %272 ], [ %280, %277 ] %285 = phi i32 [ %457, %463 ], [ %457, %492 ], [ 0, %272 ], [ 0, %277 ] %286 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 1 %287 = icmp eq %struct.rb_node* %284, null br i1 %287, label %295, label %288 %289 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 %290 = load i64, i64* %289, align 8 %291 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %292 = load volatile i64, i64* %291, align 8 %293 = lshr i64 %292, 1 %294 = icmp eq i64 %293, %290 br i1 %294, label %367, label %295 store %struct.rb_node* null, %struct.rb_node** %286, align 8 %296 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0 %297 = tail call %struct.rb_node* @rb_first_postorder(%struct.rb_root* %296) #69 %298 = icmp eq %struct.rb_node* %297, null %299 = getelementptr %struct.rb_node, %struct.rb_node* %297, i64 -1, i32 2 %300 = icmp eq %struct.rb_node** %299, null %301 = or i1 %298, %300 br i1 %301, label %321, label %302 %303 = bitcast %struct.rb_node** %299 to %struct.fname* br label %306 %307 = phi %struct.fname* [ %313, %304 ], [ %303, %302 ] %308 = getelementptr inbounds %struct.fname, %struct.fname* %307, i64 0, i32 2 %309 = tail call %struct.rb_node* @rb_next_postorder(%struct.rb_node* %308) #69 %310 = icmp eq %struct.rb_node* %309, null %311 = getelementptr %struct.rb_node, %struct.rb_node* %309, i64 -1, i32 2 %312 = bitcast %struct.rb_node** %311 to %struct.fname* %313 = select i1 %310, %struct.fname* null, %struct.fname* %312 %314 = icmp eq %struct.fname* %307, null br i1 %314, label %304, label %315 %316 = phi %struct.fname* [ %318, %315 ], [ %307, %306 ] %317 = getelementptr inbounds %struct.fname, %struct.fname* %316, i64 0, i32 3 %318 = load %struct.fname*, %struct.fname** %317, align 8 %319 = bitcast %struct.fname* %316 to i8* tail call void @kfree(i8* nonnull %319) #69 %320 = icmp eq %struct.fname* %318, null br i1 %320, label %304, label %315 %305 = icmp eq %struct.fname* %313, null br i1 %305, label %321, label %306 %322 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 0, i32 0 store %struct.rb_node* null, %struct.rb_node** %322, align 8 %323 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 33, i32 0 %324 = load volatile i64, i64* %323, align 8 br label %325 %326 = phi i64 [ %324, %321 ], [ %332, %330 ] %327 = and i64 %326, 1 %328 = icmp eq i64 %327, 0 br i1 %328, label %330, label %329 %331 = or i64 %326, 1 %332 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %323, i64 %331, i64 %326, i64* %323) #6, !srcloc !6 %333 = icmp eq i64 %332, %326 br i1 %333, label %334, label %325, !prof !7, !misexpect !8 %335 = lshr i64 %326, 1 %336 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 14 store i64 %335, i64* %336, align 8 %337 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 %338 = load i32, i32* %337, align 8 %339 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 %340 = load i32, i32* %339, align 4 %341 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 6 %342 = tail call i32 @ext4_htree_fill_tree(%struct.file* %0, i32 %338, i32 %340, i32* %341) #69 %343 = icmp slt i32 %342, 0 br i1 %343, label %344, label %346 %347 = icmp eq i32 %342, 0 br i1 %347, label %348, label %364 %365 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %296) #69 store %struct.rb_node* %365, %struct.rb_node** %286, align 8 %366 = bitcast %struct.rb_node* %365 to i8* br label %367 %368 = phi i8* [ %283, %288 ], [ %366, %364 ] %369 = phi i32 [ %285, %288 ], [ %342, %364 ] %370 = getelementptr i8, i8* %368, i64 -8 %371 = bitcast i8* %370 to %struct.fname* %372 = bitcast i8* %370 to i32* %373 = load i32, i32* %372, align 8 %374 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 4 store i32 %373, i32* %374, align 8 %375 = getelementptr i8, i8* %368, i64 -4 %376 = bitcast i8* %375 to i32* %377 = load i32, i32* %376, align 4 %378 = getelementptr inbounds %struct.dir_private_info, %struct.dir_private_info* %105, i64 0, i32 5 store i32 %377, i32* %378, align 4 %379 = load %struct.dir_private_info*, %struct.dir_private_info** %49, align 8 %380 = load %struct.inode*, %struct.inode** %5, align 8 %381 = getelementptr inbounds %struct.inode, %struct.inode* %380, i64 0, i32 8 %382 = load %struct.super_block*, %struct.super_block** %381, align 8 %383 = icmp eq i8* %370, null br i1 %383, label %384, label %389 %385 = getelementptr inbounds %struct.inode, %struct.inode* %380, i64 0, i32 11 %386 = load i64, i64* %385, align 8 %387 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %388 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %387, i64 0, i32 80, i64 0 tail call void (%struct.super_block*, i8*, i8*, ...) bitcast (void (%struct.super_block.183404*, i8*, i8*, ...)* @__ext4_msg to void (%struct.super_block*, i8*, i8*, ...)*)(%struct.super_block* %382, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.10.17759, i64 0, i64 0), i8* getelementptr inbounds ([54 x i8], [54 x i8]* @.str.11.17760, i64 0, i64 0), i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.call_filldir, i64 0, i64 0), i32 517, i64 %386, i8* %388) #69 ------------- Good: 830 Bad: 3 Ignored: 636 Check Use of Function:do_fchmodat Check Use of Function:compat_table_info Check Use of Function:ip_options_rcv_srr Check Use of Function:swap_type_of Check Use of Function:scsi_try_host_reset Check Use of Function:fifo_init Check Use of Function:xprt_unlock_connect Check Use of Function:exit_swap_address_space Check Use of Function:simple_unlink Check Use of Function:unlock_two_nondirectories Check Use of Function:cgroup_kn_unlock Check Use of Function:qdisc_create Check Use of Function:qdisc_notify Check Use of Function:__starget_for_each_device Check Use of Function:netlink_ack Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff.245212* %0, i32 (%struct.sk_buff.245212*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #69 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff.245212* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #69 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff.245212* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #70 ------------- Use: =BAD PATH= Call Stack: 0 netlink_rcv_skb 1 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff.245212*, i32 (%struct.sk_buff.245212*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.657325*, i32 (%struct.sk_buff.657325*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.657325* %0, i32 (%struct.sk_buff.657325*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #69 Function:netlink_rcv_skb %3 = alloca %struct.netlink_ext_ack, align 8 %4 = bitcast %struct.netlink_ext_ack* %3 to i8* %5 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %0, i64 0, i32 6 %6 = load i32, i32* %5, align 8 %7 = icmp ult i32 %6, 16 br i1 %7, label %51, label %8 %9 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %0, i64 0, i32 41 %10 = bitcast i8** %9 to %struct.nlmsghdr** br label %11 %12 = phi i32 [ %6, %8 ], [ %49, %41 ] %13 = load %struct.nlmsghdr*, %struct.nlmsghdr** %10, align 8 %14 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp ult i32 %15, 16 %17 = icmp ult i32 %12, %15 %18 = or i1 %16, %17 br i1 %18, label %51, label %19 %20 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 2 %21 = load i16, i16* %20, align 2 %22 = and i16 %21, 1 %23 = icmp eq i16 %22, 0 br i1 %23, label %33, label %24 %25 = getelementptr inbounds %struct.nlmsghdr, %struct.nlmsghdr* %13, i64 0, i32 1 %26 = load i16, i16* %25, align 4 %27 = icmp ult i16 %26, 16 br i1 %27, label %33, label %28 %29 = call i32 %1(%struct.sk_buff.245212* %0, %struct.nlmsghdr* %13, %struct.netlink_ext_ack* nonnull %3) #69 %30 = icmp eq i32 %29, -4 br i1 %30, label %41, label %31 %32 = load i16, i16* %20, align 2 br label %33 %34 = phi i16 [ %21, %24 ], [ %32, %31 ], [ %21, %19 ] %35 = phi i32 [ 0, %24 ], [ %29, %31 ], [ 0, %19 ] %36 = and i16 %34, 4 %37 = icmp ne i16 %36, 0 %38 = icmp ne i32 %35, 0 %39 = or i1 %38, %37 br i1 %39, label %40, label %41 call void @netlink_ack(%struct.sk_buff.245212* %0, %struct.nlmsghdr* %13, i32 %35, %struct.netlink_ext_ack* nonnull %3) #70 ------------- Good: 16 Bad: 2 Ignored: 9 Check Use of Function:nfs_lookup_revalidate Check Use of Function:fib_table_delete Check Use of Function:nfs4_xattr_get_nfs4_acl Check Use of Function:swap_inode_data Check Use of Function:ext4_force_commit Check Use of Function:mount_too_revealing Check Use of Function:__icmp_send Use: =BAD PATH= Call Stack: 0 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.707029*, %struct.net_device.707029** %78, align 8 %80 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.706629*, %struct.net.706629** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.706629* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.706937* %0, i32* null) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void bitcast (void (%struct.sk_buff.729278*, i32, i32, i32, %struct.ip_options*)* @__icmp_send to void (%struct.sk_buff.706937*, i32, i32, i32, %struct.ip_options*)*)(%struct.sk_buff.706937* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #69 ------------- Good: 14 Bad: 1 Ignored: 50 Check Use of Function:kthread_create_on_cpu Check Use of Function:audit_seccomp_actions_logged Check Use of Function:security_kernel_load_data Check Use of Function:walk_component Check Use of Function:qdisc_get_stab Check Use of Function:blkdev_read_iter Check Use of Function:dm_issue_global_event Check Use of Function:strndup_user Use: =BAD PATH= Call Stack: 0 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf.520586** %8 = load %struct.dma_buf.520586*, %struct.dma_buf.520586** %7, align 8 switch i32 %1, label %80 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 dma_buf_ioctl ------------- Path:  Function:dma_buf_ioctl %4 = alloca %struct.anon.1, align 8 %5 = bitcast %struct.anon.1* %4 to i8* %6 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.dma_buf.520586** %8 = load %struct.dma_buf.520586*, %struct.dma_buf.520586** %7, align 8 switch i32 %1, label %80 [ i32 1074291200, label %9 i32 1074029057, label %58 i32 1074291201, label %58 ] %59 = inttoptr i64 %2 to i8* %60 = tail call i8* @strndup_user(i8* %59, i64 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __se_sys_keyctl 3 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %265 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %266 = inttoptr i64 %2 to i8* %267 = inttoptr i64 %3 to i8* %268 = inttoptr i64 %4 to i8* %269 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %265, i8* %266, i8* %267, i8* %268) #69 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.221069, align 8 %8 = bitcast %struct.kernel_pkey_params.221069* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.221069* nonnull %7) #69 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.221069* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __se_sys_keyctl 3 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %265 = inttoptr i64 %1 to %struct.keyctl_pkey_params* %266 = inttoptr i64 %2 to i8* %267 = inttoptr i64 %3 to i8* %268 = inttoptr i64 %4 to i8* %269 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %265, i8* %266, i8* %267, i8* %268) #69 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.221069, align 8 %8 = bitcast %struct.kernel_pkey_params.221069* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.221069* nonnull %7) #69 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.221069* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_pkey_params_get 1 keyctl_pkey_verify 2 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %107 = inttoptr i64 %9 to %struct.keyctl_pkey_params* %108 = inttoptr i64 %12 to i8* %109 = inttoptr i64 %15 to i8* %110 = inttoptr i64 %18 to i8* %111 = tail call i64 @keyctl_pkey_verify(%struct.keyctl_pkey_params* %107, i8* %108, i8* %109, i8* %110) #69 Function:keyctl_pkey_verify %5 = alloca %struct.keyctl_pkey_params, align 4 %6 = alloca %struct.kernel_pkey_query, align 4 %7 = alloca %struct.kernel_pkey_params.221069, align 8 %8 = bitcast %struct.kernel_pkey_params.221069* %7 to i8* %9 = bitcast %struct.keyctl_pkey_params* %5 to i8* %10 = bitcast %struct.kernel_pkey_query* %6 to i8* %11 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %7, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %11, align 8 %12 = bitcast %struct.keyctl_pkey_params* %0 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* %12, i64 40) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %43 %16 = getelementptr inbounds %struct.keyctl_pkey_params, %struct.keyctl_pkey_params* %5, i64 0, i32 0 %17 = load i32, i32* %16, align 4 %18 = call fastcc i32 @keyctl_pkey_params_get(i32 %17, i8* %1, %struct.kernel_pkey_params.221069* nonnull %7) #69 Function:keyctl_pkey_params_get %4 = alloca i64, align 8 %5 = alloca [3 x %struct.smca_bank_name], align 16 %6 = alloca i8*, align 8 %7 = bitcast %struct.kernel_pkey_params.221069* %2 to i8* %8 = getelementptr inbounds %struct.kernel_pkey_params.221069, %struct.kernel_pkey_params.221069* %2, i64 0, i32 1 store i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.1.22267, i64 0, i64 0), i8** %8, align 8 %9 = tail call i8* @strndup_user(i8* %1, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %27 = icmp eq i64 %1, 0 br i1 %27, label %37, label %28 %29 = inttoptr i64 %1 to i8* %30 = tail call i8* @strndup_user(i8* nonnull %29, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %44 = inttoptr i64 %12 to i8* %45 = inttoptr i64 %15 to i8* %46 = tail call i64 @keyctl_keyring_search(i32 %20, i8* %44, i8* %45, i32 %23) #69 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #69 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #69 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #69 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_search 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %111 = trunc i64 %1 to i32 %112 = inttoptr i64 %2 to i8* %113 = inttoptr i64 %3 to i8* %114 = trunc i64 %4 to i32 %115 = tail call i64 @keyctl_keyring_search(i32 %111, i8* %112, i8* %113, i32 %114) #69 Function:keyctl_keyring_search %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 32) #69 %8 = trunc i64 %7 to i32 %9 = icmp slt i32 %8, 0 br i1 %9, label %16, label %10 %11 = add nsw i32 %8, -1 %12 = icmp ugt i32 %11, 30 br i1 %12, label %16, label %13 %14 = load i8, i8* %6, align 16 %15 = icmp eq i8 %14, 46 br i1 %15, label %16, label %20 %21 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %21, align 1 %22 = call i8* @strndup_user(i8* %2, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_join_session_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %27 = inttoptr i64 %9 to i8* %28 = tail call i64 @keyctl_join_session_keyring(i8* %27) #69 Function:keyctl_join_session_keyring %2 = icmp eq i8* %0, null br i1 %2, label %11, label %3 %4 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __ia32_sys_request_key ------------- Path:  Function:__ia32_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_request_key(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #69 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_request_key 1 __x64_sys_request_key ------------- Path:  Function:__x64_sys_request_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_request_key(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_request_key %5 = alloca [32 x i8], align 16 %6 = inttoptr i64 %0 to i8* %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %3 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %11 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %6, i64 32) #69 %12 = trunc i64 %11 to i32 %13 = icmp slt i32 %12, 0 br i1 %13, label %20, label %14 %15 = add nsw i32 %12, -1 %16 = icmp ugt i32 %15, 30 br i1 %16, label %20, label %17 %18 = load i8, i8* %10, align 16 %19 = icmp eq i8 %18, 46 br i1 %19, label %20, label %24 %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 31 store i8 0, i8* %25, align 1 %26 = call i8* @strndup_user(i8* %7, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __ia32_sys_fsconfig ------------- Path:  Function:__ia32_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsconfig(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %85 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 2, i8* %85, align 8 %86 = tail call i8* @strndup_user(i8* %10, i64 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __x64_sys_fsconfig ------------- Path:  Function:__x64_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsconfig(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %85 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 2, i8* %85, align 8 %86 = tail call i8* @strndup_user(i8* %10, i64 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __ia32_sys_fsconfig ------------- Path:  Function:__ia32_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsconfig(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __x64_sys_fsconfig ------------- Path:  Function:__x64_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsconfig(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %4 to i8* %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %10 to i8* %20 = inttoptr i64 %16 to i8* %21 = tail call i32 @ksys_mount(i8* %17, i8* %18, i8* %19, i64 %13, i8* %20) #69 Function:ksys_mount %6 = icmp eq i8* %2, null br i1 %6, label %11, label %7 %12 = phi i8* [ %8, %7 ], [ null, %5 ] %13 = icmp eq i8* %0, null br i1 %13, label %18, label %14 %15 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = bitcast i64* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = tail call i32 @ksys_mount(i8* %4, i8* %7, i8* %10, i64 %12, i8* %15) #69 Function:ksys_mount %6 = icmp eq i8* %2, null br i1 %6, label %11, label %7 %12 = phi i8* [ %8, %7 ], [ null, %5 ] %13 = icmp eq i8* %0, null br i1 %13, label %18, label %14 %15 = tail call i8* @strndup_user(i8* nonnull %0, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mount 1 __ia32_sys_mount ------------- Path:  Function:__ia32_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %4 to i8* %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %10 to i8* %20 = inttoptr i64 %16 to i8* %21 = tail call i32 @ksys_mount(i8* %17, i8* %18, i8* %19, i64 %13, i8* %20) #69 Function:ksys_mount %6 = icmp eq i8* %2, null br i1 %6, label %11, label %7 %8 = tail call i8* @strndup_user(i8* nonnull %2, i64 4096) #69 ------------- Use: =BAD PATH= Call Stack: 0 ksys_mount 1 __x64_sys_mount ------------- Path:  Function:__x64_sys_mount %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to i8** %10 = load i8*, i8** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = bitcast i64* %13 to i8** %15 = load i8*, i8** %14, align 8 %16 = tail call i32 @ksys_mount(i8* %4, i8* %7, i8* %10, i64 %12, i8* %15) #69 Function:ksys_mount %6 = icmp eq i8* %2, null br i1 %6, label %11, label %7 %8 = tail call i8* @strndup_user(i8* nonnull %2, i64 4096) #69 ------------- Good: 22 Bad: 25 Ignored: 5 Check Use of Function:netdev_state_change Check Use of Function:wake_up_q Check Use of Function:invalidate_bdev Check Use of Function:xt_compat_lock Check Use of Function:ipip6_newlink Check Use of Function:__mark_inode_dirty Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = tail call i32 @fat_truncate_time(%struct.inode* %0, %struct.anon.54* %1, i32 %2) #69 %9 = and i32 %2, 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %13 = load volatile i64, i64* %12, align 8 br label %14 %15 = phi i64 [ %13, %11 ], [ %21, %18 ] %16 = and i64 %15, 1 %17 = icmp eq i64 %16, 0 br i1 %17, label %23, label %18 %19 = add i64 %15, 2 %20 = and i64 %19, -2 %21 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %20, i64 %15, i64* %12) #6, !srcloc !5 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %14, !prof !6, !misexpect !7 %24 = phi i8 [ 0, %7 ], [ 1, %18 ], [ 0, %14 ] %25 = and i32 %2, 7 %26 = icmp eq i32 %25, 0 br i1 %26, label %35, label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 10 %31 = load i64, i64* %30, align 16 %32 = and i64 %31, 33554432 %33 = icmp eq i64 %32, 0 %34 = select i1 %33, i8 1, i8 %24 br label %35 %36 = phi i8 [ %24, %23 ], [ %34, %27 ] %37 = icmp eq i8 %36, 0 %38 = select i1 %37, i32 2048, i32 2049 tail call void bitcast (void (%struct.inode.108461*, i32)* @__mark_inode_dirty to void (%struct.inode*, i32)*)(%struct.inode* %0, i32 %38) #70 ------------- Use: =BAD PATH= Call Stack: 0 fat_update_time ------------- Path:  Function:fat_update_time %4 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 1 br i1 %6, label %39, label %7 %8 = tail call i32 @fat_truncate_time(%struct.inode* %0, %struct.anon.54* %1, i32 %2) #69 %9 = and i32 %2, 8 %10 = icmp eq i32 %9, 0 br i1 %10, label %23, label %11 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 33, i32 0 %13 = load volatile i64, i64* %12, align 8 br label %14 %15 = phi i64 [ %13, %11 ], [ %21, %18 ] %16 = and i64 %15, 1 %17 = icmp eq i64 %16, 0 br i1 %17, label %23, label %18 %19 = add i64 %15, 2 %20 = and i64 %19, -2 %21 = tail call i64 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgq $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %12, i64 %20, i64 %15, i64* %12) #6, !srcloc !5 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %14, !prof !6, !misexpect !7 %24 = phi i8 [ 0, %7 ], [ 1, %18 ], [ 0, %14 ] %25 = and i32 %2, 7 %26 = icmp eq i32 %25, 0 br i1 %26, label %35, label %27 %28 = getelementptr inbounds %struct.inode, %struct.inode* %0, i64 0, i32 8 %29 = load %struct.super_block*, %struct.super_block** %28, align 8 %30 = getelementptr inbounds %struct.super_block, %struct.super_block* %29, i64 0, i32 10 %31 = load i64, i64* %30, align 16 %32 = and i64 %31, 33554432 %33 = icmp eq i64 %32, 0 %34 = select i1 %33, i8 1, i8 %24 br label %35 %36 = phi i8 [ %24, %23 ], [ %34, %27 ] %37 = icmp eq i8 %36, 0 %38 = select i1 %37, i32 2048, i32 2049 tail call void bitcast (void (%struct.inode.108461*, i32)* @__mark_inode_dirty to void (%struct.inode*, i32)*)(%struct.inode* %0, i32 %38) #70 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fsync ------------- Path:  Function:__x64_sys_fsync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget(i32 %4) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.141350* %8 = icmp eq i64 %6, 0 br i1 %8, label %36, label %9 %10 = getelementptr inbounds %struct.file.141350, %struct.file.141350* %7, i64 0, i32 19 %11 = load %struct.address_space.141075*, %struct.address_space.141075** %10, align 8 %12 = getelementptr inbounds %struct.address_space.141075, %struct.address_space.141075* %11, i64 0, i32 0 %13 = load %struct.inode.141362*, %struct.inode.141362** %12, align 8 %14 = getelementptr inbounds %struct.file.141350, %struct.file.141350* %7, i64 0, i32 3 %15 = load %struct.file_operations.141347*, %struct.file_operations.141347** %14, align 8 %16 = getelementptr inbounds %struct.file_operations.141347, %struct.file_operations.141347* %15, i64 0, i32 17 %17 = load i32 (%struct.file.141350*, i64, i64, i32)*, i32 (%struct.file.141350*, i64, i64, i32)** %16, align 8 %18 = icmp eq i32 (%struct.file.141350*, i64, i64, i32)* %17, null br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.inode.141362, %struct.inode.141362* %13, i64 0, i32 23 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2048 %23 = icmp eq i64 %22, 0 br i1 %23, label %28, label %24 tail call void bitcast (void (%struct.inode.108461*, i32)* @__mark_inode_dirty to void (%struct.inode.141362*, i32)*)(%struct.inode.141362* %13, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fsync ------------- Path:  Function:__ia32_sys_fsync %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = tail call i64 @__fdget(i32 %4) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.141350* %8 = icmp eq i64 %6, 0 br i1 %8, label %36, label %9 %10 = getelementptr inbounds %struct.file.141350, %struct.file.141350* %7, i64 0, i32 19 %11 = load %struct.address_space.141075*, %struct.address_space.141075** %10, align 8 %12 = getelementptr inbounds %struct.address_space.141075, %struct.address_space.141075* %11, i64 0, i32 0 %13 = load %struct.inode.141362*, %struct.inode.141362** %12, align 8 %14 = getelementptr inbounds %struct.file.141350, %struct.file.141350* %7, i64 0, i32 3 %15 = load %struct.file_operations.141347*, %struct.file_operations.141347** %14, align 8 %16 = getelementptr inbounds %struct.file_operations.141347, %struct.file_operations.141347* %15, i64 0, i32 17 %17 = load i32 (%struct.file.141350*, i64, i64, i32)*, i32 (%struct.file.141350*, i64, i64, i32)** %16, align 8 %18 = icmp eq i32 (%struct.file.141350*, i64, i64, i32)* %17, null br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.inode.141362, %struct.inode.141362* %13, i64 0, i32 23 %21 = load i64, i64* %20, align 8 %22 = and i64 %21, 2048 %23 = icmp eq i64 %22, 0 br i1 %23, label %28, label %24 tail call void bitcast (void (%struct.inode.108461*, i32)* @__mark_inode_dirty to void (%struct.inode.141362*, i32)*)(%struct.inode.141362* %13, i32 1) #69 ------------- Good: 451 Bad: 4 Ignored: 556 Check Use of Function:__mnt_drop_write Check Use of Function:msdos_unlink Check Use of Function:hibernation_restore Check Use of Function:free_netdev Check Use of Function:__tcf_get_next_proto Check Use of Function:sr_audio_ioctl Check Use of Function:populate_vma_page_range Check Use of Function:mmc_ioctl_dvd_auth Check Use of Function:bpf_get_trace_printk_proto Check Use of Function:crypto_shash_update Check Use of Function:mmc_ioctl_cdrom_read_audio Check Use of Function:n_tty_open Check Use of Function:sr_get_last_session Check Use of Function:ipv6_chk_addr_and_flags Check Use of Function:xt_compat_target_from_user Check Use of Function:uart_startup Check Use of Function:nfs_rmdir Check Use of Function:dst_release Use: =BAD PATH= Call Stack: 0 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %4 = icmp eq %struct.dst_entry.768684* %0, null br i1 %4, label %66, label %5 %6 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.768659** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %65, label %11 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.768684*)*)(%struct.dst_entry.768684* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 rt6_remove_exception 1 fib6_nh_remove_exception 2 ip6_negative_advice ------------- Path:  Function:ip6_negative_advice %2 = alloca %struct.fib6_nh_excptn_arg, align 8 %3 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %4 = icmp eq %struct.dst_entry.768684* %0, null br i1 %4, label %66, label %5 %6 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %7 = bitcast %struct.lwtunnel_state.768659** %6 to i32* %8 = load i32, i32* %7, align 8 %9 = and i32 %8, 16777216 %10 = icmp eq i32 %9, 0 br i1 %10, label %65, label %11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %12 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1 %13 = bitcast %struct.dst_entry.768684* %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.fib6_info.768700* %16 = load i32, i32* %7, align 8 %17 = and i32 %16, 4194304 %18 = icmp eq i32 %17, 0 br i1 %18, label %25, label %19 %26 = icmp eq i64 %14, 0 br i1 %26, label %63, label %27 %28 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 8 %29 = load i16, i16* %28, align 2 %30 = icmp eq i16 %29, -1 br i1 %30, label %31, label %42 %43 = load volatile i64, i64* %13, align 8 %44 = inttoptr i64 %43 to %struct.fib6_info.768700* %45 = icmp eq i64 %43, 0 %46 = and i32 %16, 16777216 %47 = icmp eq i32 %46, 0 %48 = or i1 %47, %45 br i1 %48, label %63, label %49 %50 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 17 %51 = load %struct.nexthop.768696*, %struct.nexthop.768696** %50, align 8 %52 = icmp eq %struct.nexthop.768696* %51, null br i1 %52, label %60, label %53 %61 = getelementptr inbounds %struct.fib6_info.768700, %struct.fib6_info.768700* %44, i64 0, i32 18, i64 0 %62 = tail call fastcc i32 @fib6_nh_remove_exception(%struct.fib6_nh.768699* %61, %struct.rt6_info.768697* nonnull %3) #69 Function:fib6_nh_remove_exception %3 = alloca %struct.anon.234, align 8 %4 = alloca i64, align 8 %5 = getelementptr inbounds %struct.fib6_nh.768699, %struct.fib6_nh.768699* %0, i64 0, i32 2 %6 = bitcast %struct.rt6_exception_bucket** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = icmp eq i64 %7, 0 br i1 %8, label %64, label %9 tail call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @rt6_exception_lock, i64 0, i32 0, i32 0)) #69 %10 = load %struct.rt6_exception_bucket*, %struct.rt6_exception_bucket** %5, align 8 %11 = icmp eq %struct.rt6_exception_bucket* %10, null %12 = ptrtoint %struct.rt6_exception_bucket* %10 to i64 %13 = and i64 %12, -2 %14 = inttoptr i64 %13 to %struct.rt6_exception_bucket* %15 = select i1 %11, %struct.rt6_exception_bucket* null, %struct.rt6_exception_bucket* %14 %16 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0 %17 = icmp ne %struct.rt6_exception_bucket* %15, null %18 = icmp ne %struct.in6_addr* %16, null %19 = and i1 %18, %17 br i1 %19, label %20, label %62 %21 = bitcast %struct.anon.234* %3 to i8* %22 = bitcast %struct.in6_addr* %16 to i8* %23 = getelementptr inbounds %struct.anon.234, %struct.anon.234* %3, i64 0, i32 1 %24 = bitcast %struct.in6_addr* %23 to i8* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @rt6_exception_hash.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@fib6_nh_remove_exception, %25)) #6 to label %30 [label %25], !srcloc !4 %31 = call i64 @__siphash_unaligned(i8* nonnull %21, i64 32, %struct.siphash_key_t* nonnull @rt6_exception_hash.rt6_exception_key) #69 %32 = mul i64 %31, 7046029254386353131 %33 = lshr i64 %32, 54 %34 = getelementptr %struct.rt6_exception_bucket, %struct.rt6_exception_bucket* %15, i64 %33 %35 = bitcast %struct.rt6_exception_bucket* %34 to %struct.rt6_exception** %36 = load %struct.rt6_exception*, %struct.rt6_exception** %35, align 8 %37 = icmp eq %struct.rt6_exception* %36, null br i1 %37, label %62, label %38 %39 = bitcast %struct.in6_addr* %16 to i64* %40 = load i64, i64* %39, align 8 %41 = getelementptr %struct.rt6_info.768697, %struct.rt6_info.768697* %1, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %42 = bitcast i32* %41 to i64* %43 = load i64, i64* %42, align 8 br label %44 %45 = phi %struct.rt6_exception* [ %36, %38 ], [ %59, %57 ] %46 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %45, i64 0, i32 1 %47 = load %struct.rt6_info.768697*, %struct.rt6_info.768697** %46, align 8 %48 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %47, i64 0, i32 3, i32 0 %49 = bitcast %struct.in6_addr* %48 to i64* %50 = load i64, i64* %49, align 8 %51 = getelementptr %struct.rt6_info.768697, %struct.rt6_info.768697* %47, i64 0, i32 3, i32 0, i32 0, i32 0, i64 2 %52 = bitcast i32* %51 to i64* %53 = load i64, i64* %52, align 8 %54 = icmp eq i64 %40, %50 %55 = icmp eq i64 %43, %53 %56 = and i1 %54, %55 br i1 %56, label %61, label %57 call fastcc void @rt6_remove_exception(%struct.rt6_exception_bucket* %34, %struct.rt6_exception* nonnull %45) #70 Function:rt6_remove_exception %3 = icmp ne %struct.rt6_exception_bucket* %0, null %4 = icmp ne %struct.rt6_exception* %1, null %5 = and i1 %3, %4 br i1 %5, label %6, label %58 %7 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 1 %8 = load %struct.rt6_info.768697*, %struct.rt6_info.768697** %7, align 8 %9 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %8, i64 0, i32 0, i32 0 %10 = load %struct.net_device.768790*, %struct.net_device.768790** %9, align 8 %11 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %10, i64 0, i32 107, i32 0 %12 = load %struct.net.768909*, %struct.net.768909** %11, align 8 %13 = getelementptr inbounds %struct.net.768909, %struct.net.768909* %12, i64 0, i32 35, i32 12 %14 = load %struct.rt6_statistics*, %struct.rt6_statistics** %13, align 32 %15 = getelementptr inbounds %struct.rt6_statistics, %struct.rt6_statistics* %14, i64 0, i32 3 %16 = load i32, i32* %15, align 4 %17 = add i32 %16, -1 store i32 %17, i32* %15, align 4 %18 = load %struct.rt6_info.768697*, %struct.rt6_info.768697** %7, align 8 %19 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %18, i64 0, i32 1 %20 = tail call %struct.fib6_info.768700* asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(%struct.fib6_info.768700** %19, %struct.fib6_info.768700* null, %struct.fib6_info.768700** %19) #6, !srcloc !4 %21 = icmp eq %struct.fib6_info.768700* %20, null br i1 %21, label %34, label %22 %35 = load %struct.rt6_info.768697*, %struct.rt6_info.768697** %7, align 8 %36 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %35, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_dev_put to void (%struct.dst_entry.768684*)*)(%struct.dst_entry.768684* %36) #69 %37 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 0 %38 = load %struct.hlist_node*, %struct.hlist_node** %37, align 8 %39 = getelementptr inbounds %struct.rt6_exception, %struct.rt6_exception* %1, i64 0, i32 0, i32 1 %40 = load %struct.hlist_node**, %struct.hlist_node*** %39, align 8 %41 = ptrtoint %struct.hlist_node* %38 to i64 %42 = bitcast %struct.hlist_node** %40 to i64* store volatile i64 %41, i64* %42, align 8 %43 = icmp eq %struct.hlist_node* %38, null br i1 %43, label %46, label %44 store %struct.hlist_node** inttoptr (i64 -2401263026318606046 to %struct.hlist_node**), %struct.hlist_node*** %39, align 8 %47 = load %struct.rt6_info.768697*, %struct.rt6_info.768697** %7, align 8 %48 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %47, i64 0, i32 0 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.768684*)*)(%struct.dst_entry.768684* %48) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2136 %3 = bitcast i8* %2 to %struct.net_device.707029** store %struct.net_device.707029* %0, %struct.net_device.707029** %3, align 8 %4 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.706629** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2200 %10 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.707029* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2248 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %10 = bitcast i8* %9 to %struct.net.706629** %11 = load %struct.net.706629*, %struct.net.706629** %10, align 8 %12 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2244 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2233 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2216 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.nlattr* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.706564* @ip_route_output_flow(%struct.net.706629* %11, %struct.flowi4* nonnull %2, %struct.sock.706927* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.707040, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.707040* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.706564* @ip_route_output_key_hash_rcu(%struct.net.706629* %0, %struct.flowi4* %1, %struct.fib_result.707040* nonnull %4, %struct.sk_buff.706937* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %185, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %87, label %43 %44 = tail call %struct.net_device.707029* bitcast (%struct.net_device.653918* (%struct.net.653816*, i32)* @dev_get_by_index_rcu to %struct.net_device.707029* (%struct.net.706629*, i32)*)(%struct.net.706629* %0, i32 %41) #69 %45 = icmp eq %struct.net_device.707029* %44, null br i1 %45, label %185, label %46 %47 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 34 %48 = load i32, i32* %47, align 8 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %185, label %51 %52 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 67 %53 = bitcast %struct.in_device.706989** %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %185, label %56 %57 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 16777215 %60 = icmp eq i32 %59, 224 %61 = icmp eq i32 %58, -1 %62 = or i1 %61, %60 br i1 %62, label %67, label %63 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %65 = load i8, i8* %64, align 2 %66 = icmp eq i8 %65, 2 br i1 %66, label %67, label %72 %68 = load i32, i32* %7, align 8 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %180 %181 = phi i32 [ 0, %27 ], [ %6, %67 ], [ %6, %70 ], [ %6, %144 ], [ %172, %166 ], [ %6, %175 ], [ %6, %96 ] %182 = phi i32 [ 0, %27 ], [ 0, %67 ], [ 0, %70 ], [ 0, %144 ], [ -2147483648, %166 ], [ 0, %175 ], [ -2147483648, %96 ] %183 = phi %struct.net_device.707029* [ %25, %27 ], [ %44, %67 ], [ %44, %70 ], [ %88, %144 ], [ %169, %166 ], [ %179, %175 ], [ %98, %96 ] %184 = tail call fastcc %struct.rtable.706564* @__mkroute_output(%struct.fib_result.707040* %2, %struct.flowi4* %1, i32 %181, %struct.net_device.707029* %183, i32 %182) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 7 %8 = load %struct.fib_info.706568*, %struct.fib_info.706568** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.706989** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.706989* %16 = icmp eq i64 %14, 0 br i1 %16, label %303, label %17 %18 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 0 %19 = load %struct.net_device.707029*, %struct.net_device.707029** %18, align 8 %20 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.706629*, %struct.net.706629** %20, align 8 %22 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %21, i64 0, i32 34, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %303, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 br label %69 %70 = phi i32 [ %4, %55 ], [ %64, %59 ] %71 = phi i32* [ %56, %55 ], [ %60, %59 ] %72 = or i32 %70, -1610612736 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %74 = load i32, i32* %73, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %76 = load i8, i8* %75, align 2 %77 = tail call i32 bitcast (i32 (%struct.in_device.731361*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.706989*, i32, i32, i8)*)(%struct.in_device.706989* nonnull %15, i32 %48, i32 %74, i8 zeroext %76) #69 %78 = icmp eq i32 %77, 0 %79 = and i32 %72, 2147483647 %80 = select i1 %78, i32 %79, i32 %72 %81 = icmp eq %struct.fib_info.706568* %8, null br i1 %81, label %212, label %82 %83 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 1 %84 = load i8, i8* %83, align 4 %85 = icmp ult i8 %84, 4 br i1 %85, label %212, label %86 %87 = zext i1 %78 to i32 %88 = zext i1 %78 to i8 %89 = load i32, i32* %47, align 4 br label %105 %106 = phi i32 [ %89, %86 ], [ %48, %99 ] %107 = phi i8 [ %88, %86 ], [ %104, %99 ] %108 = phi i32 [ %87, %86 ], [ %103, %99 ] %109 = phi i32 [ %80, %86 ], [ %64, %99 ] %110 = phi i16 [ 5, %86 ], [ %11, %99 ] %111 = phi i32* [ %71, %86 ], [ %60, %99 ] %112 = icmp eq i32 %108, 0 %113 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 6 %114 = load %struct.fib_nh_common.706567*, %struct.fib_nh_common.706567** %113, align 8 %115 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %114, i64 0, i32 12 %116 = bitcast %struct.fnhe_hash_bucket.706566** %115 to i64* %117 = load volatile i64, i64* %116, align 8 %118 = icmp eq i64 %117, 0 br i1 %118, label %154, label %119 %120 = inttoptr i64 %117 to %struct.fnhe_hash_bucket.706566* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %121)) #6 to label %126 [label %121], !srcloc !6 %127 = call i64 @siphash_1u32(i32 %106, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %128 = mul i64 %127, 7046029254386353131 %129 = lshr i64 %128, 53 %130 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %120, i64 %129, i32 0 %131 = bitcast %struct.fib_nh_exception.706565** %130 to i64* %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, 0 br i1 %133, label %154, label %134 %135 = phi i64 [ %152, %150 ], [ %132, %126 ] %136 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %137 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %136, i64 0, i32 2 %138 = load i32, i32* %137, align 4 %139 = icmp eq i32 %138, %106 br i1 %139, label %140, label %150 %141 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %142 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %141, i64 0, i32 6 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %154, label %145 %146 = load volatile i64, i64* @jiffies, align 64 %147 = sub i64 %143, %146 %148 = icmp slt i64 %147, 0 br i1 %148, label %149, label %154 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.706567* %114, i32 %106) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.706566*, %struct.fnhe_hash_bucket.706566** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.706565*, %struct.fib_nh_exception.706565** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.706565* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.706565* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.706565*, %struct.fib_nh_exception.706565** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.706565* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %53, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.706565* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.706565** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.706565* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.706565** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.706564** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.706564* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.655458*)* @dst_dev_put to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %41) #69 call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %41) #69 ------------- Use: =BAD PATH= Call Stack: 0 ip_del_fnhe 1 __mkroute_output 2 ip_route_output_key_hash_rcu 3 ip_route_output_flow 4 ipip6_tunnel_bind_dev 5 ipip6_tunnel_init ------------- Path:  Function:ipip6_tunnel_init %2 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2136 %3 = bitcast i8* %2 to %struct.net_device.707029** store %struct.net_device.707029* %0, %struct.net_device.707029** %3, align 8 %4 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 107, i32 0 %5 = bitcast %struct.net.706629** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %8 = bitcast i8* %7 to i64* store i64 %6, i64* %8, align 8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2200 %10 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 0 %11 = tail call i8* @strcpy(i8* %9, i8* %10) #69 tail call fastcc void @ipip6_tunnel_bind_dev(%struct.net_device.707029* %0) #69 Function:ipip6_tunnel_bind_dev %2 = alloca %struct.flowi4, align 8 %3 = bitcast %struct.flowi4* %2 to i8* %4 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2248 %5 = bitcast i8* %4 to i32* %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %6, 0 br i1 %7, label %49, label %8 %9 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2144 %10 = bitcast i8* %9 to %struct.net.706629** %11 = load %struct.net.706629*, %struct.net.706629** %10, align 8 %12 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2244 %13 = bitcast i8* %12 to i32* %14 = load i32, i32* %13, align 4 %15 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2233 %16 = load i8, i8* %15, align 1 %17 = and i8 %16, 30 %18 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %0, i64 0, i32 0, i64 2216 %19 = bitcast i8* %18 to i32* %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 0 store i32 %20, i32* %21, align 8 %22 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 1 store i32 1, i32* %22, align 4 %23 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 2 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 3 store i8 %17, i8* %24, align 4 %25 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 4 store i8 0, i8* %25, align 1 %26 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 5 store i8 41, i8* %26, align 2 %27 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 6 %28 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 2 store i32 %6, i32* %28, align 4 %29 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 1 store i32 %14, i32* %29, align 8 %30 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 3 %31 = bitcast %struct.kuid_t* %30 to %struct.nlattr* %32 = bitcast %struct.kuid_t* %30 to i16* store i16 0, i16* %32, align 8 %33 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %31, i64 0, i32 1 store i16 0, i16* %33, align 2 %34 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %2, i64 0, i32 0, i32 10 store i32 0, i32* %34, align 8 %35 = call %struct.rtable.706564* @ip_route_output_flow(%struct.net.706629* %11, %struct.flowi4* nonnull %2, %struct.sock.706927* null) #69 Function:ip_route_output_flow %4 = alloca %struct.fib_result.707040, align 8 %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 3 %6 = load i8, i8* %5, align 4 %7 = bitcast %struct.fib_result.707040* %4 to i8* %8 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 1 store i32 1, i32* %8, align 4 %9 = and i8 %6, 28 store i8 %9, i8* %5, align 4 %10 = and i8 %6, 1 %11 = icmp eq i8 %10, 0 %12 = select i1 %11, i8 0, i8 -3 %13 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 4 store i8 %12, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = call %struct.rtable.706564* @ip_route_output_key_hash_rcu(%struct.net.706629* %0, %struct.flowi4* %1, %struct.fib_result.707040* nonnull %4, %struct.sk_buff.706937* null) #69 Function:ip_route_output_key_hash_rcu %5 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %8 = load i32, i32* %7, align 8 %9 = icmp eq i32 %8, 0 br i1 %9, label %40, label %10 %11 = and i32 %8, 240 %12 = icmp eq i32 %11, 224 %13 = icmp eq i32 %8, -1 %14 = or i1 %13, %12 br i1 %14, label %185, label %15 %16 = icmp eq i32 %6, 0 br i1 %16, label %17, label %30 %18 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 240 %21 = icmp eq i32 %20, 224 %22 = icmp eq i32 %19, -1 %23 = or i1 %22, %21 br i1 %23, label %24, label %30 %31 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 6 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 1 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %40 %41 = phi i32 [ %6, %4 ], [ %39, %38 ], [ %6, %30 ] %42 = icmp eq i32 %41, 0 br i1 %42, label %87, label %43 %44 = tail call %struct.net_device.707029* bitcast (%struct.net_device.653918* (%struct.net.653816*, i32)* @dev_get_by_index_rcu to %struct.net_device.707029* (%struct.net.706629*, i32)*)(%struct.net.706629* %0, i32 %41) #69 %45 = icmp eq %struct.net_device.707029* %44, null br i1 %45, label %185, label %46 %47 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 34 %48 = load i32, i32* %47, align 8 %49 = and i32 %48, 1 %50 = icmp eq i32 %49, 0 br i1 %50, label %185, label %51 %52 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %44, i64 0, i32 67 %53 = bitcast %struct.in_device.706989** %52 to i64* %54 = load volatile i64, i64* %53, align 8 %55 = icmp eq i64 %54, 0 br i1 %55, label %185, label %56 %57 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %58 = load i32, i32* %57, align 4 %59 = and i32 %58, 16777215 %60 = icmp eq i32 %59, 224 %61 = icmp eq i32 %58, -1 %62 = or i1 %61, %60 br i1 %62, label %67, label %63 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %65 = load i8, i8* %64, align 2 %66 = icmp eq i8 %65, 2 br i1 %66, label %67, label %72 %68 = load i32, i32* %7, align 8 %69 = icmp eq i32 %68, 0 br i1 %69, label %70, label %180 %181 = phi i32 [ 0, %27 ], [ %6, %67 ], [ %6, %70 ], [ %6, %144 ], [ %172, %166 ], [ %6, %175 ], [ %6, %96 ] %182 = phi i32 [ 0, %27 ], [ 0, %67 ], [ 0, %70 ], [ 0, %144 ], [ -2147483648, %166 ], [ 0, %175 ], [ -2147483648, %96 ] %183 = phi %struct.net_device.707029* [ %25, %27 ], [ %44, %67 ], [ %44, %70 ], [ %88, %144 ], [ %169, %166 ], [ %179, %175 ], [ %98, %96 ] %184 = tail call fastcc %struct.rtable.706564* @__mkroute_output(%struct.fib_result.707040* %2, %struct.flowi4* %1, i32 %181, %struct.net_device.707029* %183, i32 %182) #70 Function:__mkroute_output %6 = alloca i64, align 8 %7 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 7 %8 = load %struct.fib_info.706568*, %struct.fib_info.706568** %7, align 8 %9 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 3 %10 = load i8, i8* %9, align 2 %11 = zext i8 %10 to i16 %12 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 67 %13 = bitcast %struct.in_device.706989** %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.in_device.706989* %16 = icmp eq i64 %14, 0 br i1 %16, label %303, label %17 %18 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 0 %19 = load %struct.net_device.707029*, %struct.net_device.707029** %18, align 8 %20 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %19, i64 0, i32 107, i32 0 %21 = load %struct.net.706629*, %struct.net.706629** %20, align 8 %22 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %21, i64 0, i32 34, i32 5 %23 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %22, align 8 %24 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %23, i64 0, i32 1, i64 25 %25 = load i32, i32* %24, align 4 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %46, !prof !4 %28 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %15, i64 0, i32 20, i32 1, i64 25 %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %46, !prof !4, !misexpect !5 %32 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = and i32 %33, 255 %35 = icmp eq i32 %34, 127 br i1 %35, label %36, label %46 %37 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 8 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %46 %42 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 35 %43 = load i32, i32* %42, align 4 %44 = and i32 %43, 262144 %45 = icmp eq i32 %44, 0 br i1 %45, label %303, label %46 %47 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 2 %48 = load i32, i32* %47, align 4 %49 = icmp eq i32 %48, -1 br i1 %49, label %50, label %52 %53 = and i32 %48, 240 %54 = icmp eq i32 %53, 224 br i1 %54, label %55, label %57 %56 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %3, i64 0, i32 34 br label %69 %70 = phi i32 [ %4, %55 ], [ %64, %59 ] %71 = phi i32* [ %56, %55 ], [ %60, %59 ] %72 = or i32 %70, -1610612736 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 1 %74 = load i32, i32* %73, align 8 %75 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %1, i64 0, i32 0, i32 5 %76 = load i8, i8* %75, align 2 %77 = tail call i32 bitcast (i32 (%struct.in_device.731361*, i32, i32, i8)* @ip_check_mc_rcu to i32 (%struct.in_device.706989*, i32, i32, i8)*)(%struct.in_device.706989* nonnull %15, i32 %48, i32 %74, i8 zeroext %76) #69 %78 = icmp eq i32 %77, 0 %79 = and i32 %72, 2147483647 %80 = select i1 %78, i32 %79, i32 %72 %81 = icmp eq %struct.fib_info.706568* %8, null br i1 %81, label %212, label %82 %83 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 1 %84 = load i8, i8* %83, align 4 %85 = icmp ult i8 %84, 4 br i1 %85, label %212, label %86 %87 = zext i1 %78 to i32 %88 = zext i1 %78 to i8 %89 = load i32, i32* %47, align 4 br label %105 %106 = phi i32 [ %89, %86 ], [ %48, %99 ] %107 = phi i8 [ %88, %86 ], [ %104, %99 ] %108 = phi i32 [ %87, %86 ], [ %103, %99 ] %109 = phi i32 [ %80, %86 ], [ %64, %99 ] %110 = phi i16 [ 5, %86 ], [ %11, %99 ] %111 = phi i32* [ %71, %86 ], [ %60, %99 ] %112 = icmp eq i32 %108, 0 %113 = getelementptr inbounds %struct.fib_result.707040, %struct.fib_result.707040* %0, i64 0, i32 6 %114 = load %struct.fib_nh_common.706567*, %struct.fib_nh_common.706567** %113, align 8 %115 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %114, i64 0, i32 12 %116 = bitcast %struct.fnhe_hash_bucket.706566** %115 to i64* %117 = load volatile i64, i64* %116, align 8 %118 = icmp eq i64 %117, 0 br i1 %118, label %154, label %119 %120 = inttoptr i64 %117 to %struct.fnhe_hash_bucket.706566* callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@__mkroute_output, %121)) #6 to label %126 [label %121], !srcloc !6 %127 = call i64 @siphash_1u32(i32 %106, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %128 = mul i64 %127, 7046029254386353131 %129 = lshr i64 %128, 53 %130 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %120, i64 %129, i32 0 %131 = bitcast %struct.fib_nh_exception.706565** %130 to i64* %132 = load volatile i64, i64* %131, align 8 %133 = icmp eq i64 %132, 0 br i1 %133, label %154, label %134 %135 = phi i64 [ %152, %150 ], [ %132, %126 ] %136 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %137 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %136, i64 0, i32 2 %138 = load i32, i32* %137, align 4 %139 = icmp eq i32 %138, %106 br i1 %139, label %140, label %150 %141 = inttoptr i64 %135 to %struct.fib_nh_exception.706565* %142 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %141, i64 0, i32 6 %143 = load i64, i64* %142, align 8 %144 = icmp eq i64 %143, 0 br i1 %144, label %154, label %145 %146 = load volatile i64, i64* @jiffies, align 64 %147 = sub i64 %143, %146 %148 = icmp slt i64 %147, 0 br i1 %148, label %149, label %154 call fastcc void @ip_del_fnhe(%struct.fib_nh_common.706567* %114, i32 %106) #69 Function:ip_del_fnhe %3 = alloca i64, align 8 callbr void asm sideeffect "1:.byte 0xe9\0A\09 .long ${2:l} - 2f\0A\092:\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast ({ { %struct.kuid_t, { %struct.jump_entry* } } }* @fnhe_hashfun.___once_key to %struct.static_key*), i1 false, i8* blockaddress(@ip_del_fnhe, %4)) #6 to label %9 [label %4], !srcloc !4 %10 = call i64 @siphash_1u32(i32 %1, %struct.siphash_key_t* nonnull @fnhe_hashfun.fnhe_hash_key) #69 %11 = mul i64 %10, 7046029254386353131 %12 = lshr i64 %11, 53 call void @_raw_spin_lock_bh(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @fnhe_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.fib_nh_common.706567, %struct.fib_nh_common.706567* %0, i64 0, i32 12 %14 = load %struct.fnhe_hash_bucket.706566*, %struct.fnhe_hash_bucket.706566** %13, align 8 %15 = getelementptr %struct.fnhe_hash_bucket.706566, %struct.fnhe_hash_bucket.706566* %14, i64 %12, i32 0 %16 = load %struct.fib_nh_exception.706565*, %struct.fib_nh_exception.706565** %15, align 8 %17 = icmp eq %struct.fib_nh_exception.706565* %16, null br i1 %17, label %57, label %18 %19 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %16, i64 0, i32 2 %20 = load i32, i32* %19, align 4 %21 = icmp eq i32 %20, %1 br i1 %21, label %28, label %52 %53 = phi %struct.fib_nh_exception.706565* [ %55, %22 ], [ %16, %18 ] %54 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %53, i64 0, i32 0 %55 = load %struct.fib_nh_exception.706565*, %struct.fib_nh_exception.706565** %54, align 8 %56 = icmp eq %struct.fib_nh_exception.706565* %55, null br i1 %56, label %57, label %22 %23 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %55, i64 0, i32 2 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %1 br i1 %25, label %26, label %52 %27 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %53, i64 0, i32 0 br label %28 %29 = phi %struct.fib_nh_exception.706565* [ %16, %18 ], [ %55, %26 ] %30 = phi %struct.fib_nh_exception.706565** [ %15, %18 ], [ %27, %26 ] %31 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %29, i64 0, i32 2 %32 = bitcast %struct.fib_nh_exception.706565* %29 to i64* %33 = load i64, i64* %32, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %34 = bitcast %struct.fib_nh_exception.706565** %30 to i64* store volatile i64 %33, i64* %34, align 8 store i32 0, i32* %31, align 4 %35 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %29, i64 0, i32 7 %36 = bitcast %struct.rtable.706564** %35 to i64* %37 = load volatile i64, i64* %36, align 8 %38 = icmp eq i64 %37, 0 br i1 %38, label %42, label %39 %40 = inttoptr i64 %37 to %struct.rtable.706564* store volatile i64 0, i64* %36, align 8 %41 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %40, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.655458*)* @dst_dev_put to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %41) #69 call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %41) #69 br label %42 %43 = getelementptr inbounds %struct.fib_nh_exception.706565, %struct.fib_nh_exception.706565* %29, i64 0, i32 8 %44 = bitcast %struct.rtable.706564** %43 to i64* %45 = load volatile i64, i64* %44, align 8 %46 = icmp eq i64 %45, 0 br i1 %46, label %50, label %47 %48 = inttoptr i64 %45 to %struct.rtable.706564* store volatile i64 0, i64* %44, align 8 %49 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %48, i64 0, i32 0 call void bitcast (void (%struct.dst_entry.655458*)* @dst_dev_put to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %49) #69 call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* %49) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.706562* %0 to %struct.rtable.706564* %3 = icmp eq %struct.dst_entry.706562* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipv4_negative_advice ------------- Path:  Function:ipv4_negative_advice %2 = bitcast %struct.dst_entry.706562* %0 to %struct.rtable.706564* %3 = icmp eq %struct.dst_entry.706562* %0, null br i1 %3, label %19, label %4 %5 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 0, i32 8 %6 = load i16, i16* %5, align 2 %7 = icmp sgt i16 %6, 0 br i1 %7, label %8, label %9 %10 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %2, i64 0, i32 2 %11 = load i32, i32* %10, align 4 %12 = and i32 %11, 262144 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %18 %15 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 0, i32 3 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %19, label %18 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.706562*)*)(%struct.dst_entry.706562* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 dst_cache_per_cpu_get 1 dst_cache_get_ip4 2 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %484, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %33) #69 %35 = icmp eq i8* %34, null br i1 %35, label %484, label %36 %37 = load i16, i16* %5, align 8 br label %38 %39 = phi i16 [ %37, %36 ], [ %6, %2 ] switch i16 %39, label %484 [ i16 8, label %40 i16 -8826, label %55 ] %56 = load i8*, i8** %11, align 8 %57 = load i16, i16* %13, align 4 %58 = zext i16 %57 to i64 %59 = getelementptr i8, i8* %56, i64 %58 %60 = bitcast i8* %59 to %struct.ipv6hdr* %61 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2233 %62 = load i8, i8* %61, align 1 %63 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2238 %64 = bitcast i8* %63 to i16* %65 = load i16, i16* %64, align 2 %66 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2248 %67 = bitcast i8* %66 to i32* %68 = load i32, i32* %67, align 4 %69 = bitcast %struct.flowi4* %3 to i8* store i8 41, i8* %4, align 1 %70 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2260 %71 = bitcast i8* %70 to i32* %72 = load i32, i32* %71, align 4 %73 = icmp eq i8 %62, 1 br i1 %73, label %74, label %80 %75 = bitcast i8* %59 to i16* %76 = load i16, i16* %75, align 2 %78 = lshr i16 %77, 4 %79 = trunc i16 %78 to i8 br label %80 %81 = phi i8 [ %79, %74 ], [ %62, %55 ] %82 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 35 %83 = load i32, i32* %82, align 4 %84 = and i32 %83, 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %131, label %86 %87 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 4, i32 0, i32 0 %88 = load i64, i64* %87, align 8 %89 = and i64 %88, -2 %90 = inttoptr i64 %89 to %struct.dst_entry.706562* %91 = icmp eq i64 %89, 0 br i1 %91, label %478, label %92 %93 = getelementptr inbounds i8, i8* %59, i64 24 %94 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %90, i64 0, i32 1 %95 = load %struct.dst_ops.706536*, %struct.dst_ops.706536** %94, align 8 %96 = getelementptr inbounds %struct.dst_ops.706536, %struct.dst_ops.706536* %95, i64 0, i32 14 %97 = load %struct.neighbour.706534* (%struct.dst_entry.706562*, %struct.sk_buff.706937*, i8*)*, %struct.neighbour.706534* (%struct.dst_entry.706562*, %struct.sk_buff.706937*, i8*)** %96, align 8 %98 = tail call %struct.neighbour.706534* %97(%struct.dst_entry.706562* nonnull %90, %struct.sk_buff.706937* null, i8* %93) #69 %99 = icmp ugt %struct.neighbour.706534* %98, inttoptr (i64 -4096 to %struct.neighbour.706534*) %100 = icmp eq %struct.neighbour.706534* %98, null %101 = or i1 %99, %100 br i1 %101, label %478, label %102 %103 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %98, i64 0, i32 26 %104 = bitcast [0 x i8]* %103 to %struct.in6_addr* %105 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %104) #69 %106 = and i32 %105, 1 %107 = icmp eq i32 %106, 0 br i1 %107, label %117, label %108 %109 = getelementptr %struct.in6_addr, %struct.in6_addr* %104, i64 0, i32 0, i32 0, i64 2 %110 = load i32, i32* %109, align 4 %111 = and i32 %110, -3 %112 = icmp eq i32 %111, -27394048 br i1 %112, label %113, label %117 %114 = bitcast [0 x i8]* %103 to [4 x i32]* %115 = getelementptr [4 x i32], [4 x i32]* %114, i64 0, i64 3 %116 = load i32, i32* %115, align 4 br label %117 %118 = phi i32 [ %116, %113 ], [ %68, %102 ], [ %68, %108 ] %119 = phi i1 [ false, %113 ], [ true, %102 ], [ true, %108 ] %120 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %98, i64 0, i32 6 %121 = getelementptr inbounds %union.anon.21, %union.anon.21* %120, i64 0, i32 0, i32 0 %122 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %121, i32 -1, i32* %121) #6, !srcloc !7 %123 = icmp eq i32 %122, 1 br i1 %123, label %129, label %124 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour.653686*)* @neigh_destroy to void (%struct.neighbour.706534*)*)(%struct.neighbour.706534* nonnull %98) #69 br label %130 br i1 %119, label %478, label %131 %132 = phi i32 [ %68, %80 ], [ %118, %130 ] %133 = icmp eq i32 %132, 0 br i1 %133, label %134, label %196 %135 = getelementptr inbounds i8, i8* %59, i64 24 %136 = bitcast i8* %135 to i16* %137 = load i16, i16* %136, align 4 %138 = icmp eq i16 %137, 544 br i1 %138, label %139, label %144 %140 = getelementptr i8, i8* %135, i64 2 %141 = bitcast i8* %140 to i32* %142 = load i32, i32* %141, align 2 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %196 %145 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 4, i32 0, i32 0 %146 = load i64, i64* %145, align 8 %147 = and i64 %146, -2 %148 = inttoptr i64 %147 to %struct.dst_entry.706562* %149 = icmp eq i64 %147, 0 br i1 %149, label %478, label %150 %151 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %148, i64 0, i32 1 %152 = load %struct.dst_ops.706536*, %struct.dst_ops.706536** %151, align 8 %153 = getelementptr inbounds %struct.dst_ops.706536, %struct.dst_ops.706536* %152, i64 0, i32 14 %154 = load %struct.neighbour.706534* (%struct.dst_entry.706562*, %struct.sk_buff.706937*, i8*)*, %struct.neighbour.706534* (%struct.dst_entry.706562*, %struct.sk_buff.706937*, i8*)** %153, align 8 %155 = tail call %struct.neighbour.706534* %154(%struct.dst_entry.706562* nonnull %148, %struct.sk_buff.706937* null, i8* %135) #69 %156 = icmp ugt %struct.neighbour.706534* %155, inttoptr (i64 -4096 to %struct.neighbour.706534*) %157 = icmp eq %struct.neighbour.706534* %155, null %158 = or i1 %156, %157 br i1 %158, label %478, label %159 %160 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %155, i64 0, i32 26 %161 = bitcast [0 x i8]* %160 to %struct.in6_addr* %162 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %161) #69 %163 = and i32 %162, 65535 %164 = icmp eq i32 %163, 0 br i1 %164, label %165, label %174 %166 = load i8*, i8** %11, align 8 %167 = load i16, i16* %13, align 4 %168 = zext i16 %167 to i64 %169 = getelementptr i8, i8* %166, i64 %168 %170 = getelementptr inbounds i8, i8* %169, i64 24 %171 = bitcast i8* %170 to %struct.in6_addr* %172 = tail call i32 @__ipv6_addr_type(%struct.in6_addr* %171) #69 %173 = and i32 %172, 65535 br label %174 %175 = phi %struct.in6_addr* [ %171, %165 ], [ %161, %159 ] %176 = phi i32 [ %173, %165 ], [ %163, %159 ] %177 = trunc i32 %176 to i8 %178 = icmp sgt i8 %177, -1 br i1 %178, label %182, label %179 %180 = getelementptr %struct.in6_addr, %struct.in6_addr* %175, i64 0, i32 0, i32 0, i64 3 %181 = load i32, i32* %180, align 4 br label %182 %183 = phi i32 [ %181, %179 ], [ 0, %174 ] %184 = phi i1 [ false, %179 ], [ true, %174 ] %185 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %155, i64 0, i32 6 %186 = getelementptr inbounds %union.anon.21, %union.anon.21* %185, i64 0, i32 0, i32 0 %187 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %186, i32 -1, i32* %186) #6, !srcloc !7 %188 = icmp eq i32 %187, 1 br i1 %188, label %194, label %189 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.neighbour.653686*)* @neigh_destroy to void (%struct.neighbour.706534*)*)(%struct.neighbour.706534* nonnull %155) #69 br label %195 br i1 %184, label %478, label %196 %197 = phi i32 [ %142, %139 ], [ %183, %195 ], [ %132, %131 ] %198 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2216 %199 = bitcast i8* %198 to i32* %200 = load i32, i32* %199, align 8 %201 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2296 %202 = bitcast i8* %201 to i32* %203 = load i32, i32* %202, align 8 %204 = and i8 %81, 30 %205 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2244 %206 = bitcast i8* %205 to i32* %207 = load i32, i32* %206, align 4 %208 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2144 %209 = bitcast i8* %208 to %struct.net.706629** %210 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 0 store i32 %200, i32* %210, align 8 %211 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 1 store i32 1, i32* %211, align 4 %212 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 2 store i32 %203, i32* %212, align 8 %213 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 3 store i8 %204, i8* %213, align 4 %214 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 4 store i8 0, i8* %214, align 1 %215 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 5 store i8 41, i8* %215, align 2 %216 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 6 %217 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 2 store i32 %197, i32* %217, align 4 %218 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 1 store i32 %207, i32* %218, align 8 %219 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 3 %220 = bitcast %struct.kuid_t* %219 to %struct.nlattr* %221 = bitcast %struct.kuid_t* %219 to i16* store i16 0, i16* %221, align 8 %222 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %220, i64 0, i32 1 store i16 0, i16* %222, align 2 %223 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %3, i64 0, i32 0, i32 10 store i32 0, i32* %223, align 8 %224 = getelementptr %struct.net_device.707029, %struct.net_device.707029* %1, i64 0, i32 0, i64 2184 %225 = bitcast i8* %224 to %struct.dst_cache* %226 = call %struct.rtable.706564* bitcast (%struct.rtable.668047* (%struct.dst_cache*, i32*)* @dst_cache_get_ip4 to %struct.rtable.706564* (%struct.dst_cache*, i32*)*)(%struct.dst_cache* %225, i32* %218) #69 Function:dst_cache_get_ip4 %3 = getelementptr inbounds %struct.dst_cache, %struct.dst_cache* %0, i64 0, i32 0 %4 = load %struct.dst_cache_pcpu*, %struct.dst_cache_pcpu** %3, align 8 %5 = icmp eq %struct.dst_cache_pcpu* %4, null br i1 %5, label %15, label %6 %7 = tail call i64 asm sideeffect "add %gs:$1, $0", "=r,*m,0,~{dirflag},~{fpsr},~{flags}"(i64* nonnull @this_cpu_off, %struct.dst_cache_pcpu* nonnull %4) #6, !srcloc !4 %8 = inttoptr i64 %7 to %struct.dst_cache_pcpu* %9 = tail call fastcc %struct.dst_entry.668527* @dst_cache_per_cpu_get(%struct.dst_cache* %0, %struct.dst_cache_pcpu* %8) #69 Function:dst_cache_per_cpu_get %3 = getelementptr inbounds %struct.dst_cache_pcpu, %struct.dst_cache_pcpu* %1, i64 0, i32 1 %4 = load %struct.dst_entry.668527*, %struct.dst_entry.668527** %3, align 8 %5 = icmp eq %struct.dst_entry.668527* %4, null br i1 %5, label %44, label %6 %7 = getelementptr inbounds %struct.dst_entry.668527, %struct.dst_entry.668527* %4, i64 0, i32 11, i32 0 %8 = load volatile i32, i32* %7, align 4 %9 = icmp eq i32 %8, 0 br i1 %9, label %20, label %10, !prof !4, !misexpect !5 %11 = phi i32 [ %18, %17 ], [ %8, %6 ] %12 = add i32 %11, 1 %13 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %7, i32 %12, i32* %7, i32 %11) #6, !srcloc !6 %14 = extractvalue { i8, i32 } %13, 0 %15 = and i8 %14, 1 %16 = icmp eq i8 %15, 0 br i1 %16, label %17, label %21, !prof !4, !misexpect !5 %22 = getelementptr inbounds %struct.dst_cache, %struct.dst_cache* %0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.dst_cache_pcpu, %struct.dst_cache_pcpu* %1, i64 0, i32 0 %25 = load i64, i64* %24, align 8 %26 = sub i64 %23, %25 %27 = icmp slt i64 %26, 0 br i1 %27, label %28, label %41, !prof !9 %29 = getelementptr inbounds %struct.dst_entry.668527, %struct.dst_entry.668527* %4, i64 0, i32 8 %30 = load i16, i16* %29, align 2 %31 = icmp eq i16 %30, 0 br i1 %31, label %47, label %32 %33 = getelementptr inbounds %struct.dst_entry.668527, %struct.dst_entry.668527* %4, i64 0, i32 1 %34 = load %struct.dst_ops.668079*, %struct.dst_ops.668079** %33, align 8 %35 = getelementptr inbounds %struct.dst_ops.668079, %struct.dst_ops.668079* %34, i64 0, i32 3 %36 = load %struct.dst_entry.668527* (%struct.dst_entry.668527*, i32)*, %struct.dst_entry.668527* (%struct.dst_entry.668527*, i32)** %35, align 16 %37 = getelementptr inbounds %struct.dst_cache_pcpu, %struct.dst_cache_pcpu* %1, i64 0, i32 2 %38 = load i32, i32* %37, align 8 %39 = tail call %struct.dst_entry.668527* %36(%struct.dst_entry.668527* nonnull %4, i32 %38) #69 %40 = icmp eq %struct.dst_entry.668527* %39, null br i1 %40, label %41, label %47, !prof !4, !misexpect !5 %42 = load %struct.dst_entry.668527*, %struct.dst_entry.668527** %3, align 8 tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.668527*)*)(%struct.dst_entry.668527* %42) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 __pskb_pull_tail 4 packet_parse_headers 5 packet_sendmsg_spkt ------------- Path:  Function:packet_sendmsg_spkt %4 = alloca %struct.sockcm_cookie, align 8 %5 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %6 = load %struct.sock.250976*, %struct.sock.250976** %5, align 8 %7 = bitcast %struct.msghdr.250942* %1 to %struct.sockaddr_pkt** %8 = load %struct.sockaddr_pkt*, %struct.sockaddr_pkt** %7, align 8 %9 = bitcast %struct.sockcm_cookie* %4 to i8* %10 = icmp eq %struct.sockaddr_pkt* %8, null br i1 %10, label %244, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %13 = load i32, i32* %12, align 8 %14 = icmp ult i32 %13, 16 br i1 %14, label %244, label %15 %16 = icmp eq i32 %13, 18 br i1 %16, label %17, label %20 %21 = phi i16 [ %19, %17 ], [ 0, %15 ] %22 = getelementptr %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 13 store i8 0, i8* %22, align 1 %23 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %6, i64 0, i32 0, i32 9, i32 0 %24 = getelementptr inbounds %struct.sockaddr_pkt, %struct.sockaddr_pkt* %8, i64 0, i32 1, i64 0 %25 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %6, i64 0, i32 0, i32 13, i32 0 %26 = trunc i64 %2 to i32 %27 = icmp slt i32 %26, 0 %28 = and i64 %2, 4294967295 %29 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 2 br label %30 %31 = phi i32 [ 0, %20 ], [ %51, %111 ] %32 = phi %struct.sk_buff.250723* [ null, %20 ], [ %81, %111 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %33 = load %struct.net.251046*, %struct.net.251046** %23, align 8 %34 = tail call %struct.net_device.250877* bitcast (%struct.net_device.653918* (%struct.net.653816*, i8*)* @dev_get_by_name_rcu to %struct.net_device.250877* (%struct.net.251046*, i8*)*)(%struct.net.251046* %33, i8* %24) #69 %35 = icmp eq %struct.net_device.250877* %34, null br i1 %35, label %239, label %36 %37 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 34 %38 = load i32, i32* %37, align 8 %39 = and i32 %38, 1 %40 = icmp eq i32 %39, 0 br i1 %40, label %239, label %41 %42 = load volatile i64, i64* %25, align 8 %43 = and i64 %42, 2097152 %44 = icmp eq i64 %43, 0 br i1 %44, label %50, label %45, !prof !5, !misexpect !6 %46 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 35 %47 = load i32, i32* %46, align 4 %48 = and i32 %47, 16384 %49 = icmp eq i32 %48, 0 br i1 %49, label %239, label %50 %51 = phi i32 [ %31, %41 ], [ 4, %45 ] %52 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 42 %53 = load i32, i32* %52, align 8 %54 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 46 %55 = load i16, i16* %54, align 2 %56 = zext i16 %55 to i32 %57 = add i32 %51, 4 %58 = add i32 %57, %53 %59 = add i32 %58, %56 %60 = zext i32 %59 to i64 %61 = icmp ult i64 %60, %2 br i1 %61, label %239, label %62 %63 = icmp eq %struct.sk_buff.250723* %32, null br i1 %63, label %64, label %113 %114 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 42 %115 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 46 %116 = zext i16 %55 to i32 %117 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 41 %118 = load i8*, i8** %117, align 8 %119 = icmp sgt i32 %116, %26 br i1 %119, label %120, label %146, !prof !8, !misexpect !11 %147 = load i32, i32* %114, align 8 %148 = load i16, i16* %115, align 2 %149 = zext i16 %148 to i32 %150 = add i32 %147, %51 %151 = add i32 %150, %149 %152 = zext i32 %151 to i64 %153 = icmp ult i64 %152, %2 br i1 %153, label %154, label %174 %155 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %34, i64 0, i32 45 %156 = load i16, i16* %155, align 4 %157 = icmp eq i16 %156, 1 br i1 %157, label %158, label %239, !prof !5, !misexpect !6 %159 = bitcast i8** %117 to i64* %160 = load i64, i64* %159, align 8 %161 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 40 %162 = bitcast i8** %161 to i64* %163 = load i64, i64* %162, align 8 %164 = sub i64 %160, %163 %165 = trunc i64 %164 to i16 %166 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 36 store i16 %165, i16* %166, align 2 %167 = inttoptr i64 %163 to i8* %168 = and i64 %164, 65535 %169 = getelementptr i8, i8* %167, i64 %168 %170 = getelementptr inbounds i8, i8* %169, i64 12 %171 = bitcast i8* %170 to i16* %172 = load i16, i16* %171, align 1 %173 = icmp eq i16 %172, 129 br i1 %173, label %174, label %239 %175 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %6, i64 0, i32 60 %176 = load i16, i16* %175, align 8 %177 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 0 store i64 0, i64* %177, align 8 %178 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 1 store i32 0, i32* %178, align 8 %179 = getelementptr inbounds %struct.sockcm_cookie, %struct.sockcm_cookie* %4, i64 0, i32 2 store i16 %176, i16* %179, align 4 %180 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %181 = load i64, i64* %180, align 8 %182 = icmp eq i64 %181, 0 br i1 %182, label %189, label %183 %184 = call i32 @sock_cmsg_send(%struct.sock.250976* %6, %struct.msghdr.250942* %1, %struct.sockcm_cookie* nonnull %4) #69 %185 = icmp eq i32 %184, 0 br i1 %185, label %186, label %239, !prof !5, !misexpect !6 %187 = load i64, i64* %177, align 8 %188 = load i16, i16* %179, align 4 br label %189 %190 = phi i16 [ %188, %186 ], [ %176, %174 ] %191 = phi i64 [ %187, %186 ], [ 0, %174 ] %192 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 33 store i16 %21, i16* %192, align 8 %193 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.250877* %34, %struct.net_device.250877** %193, align 8 %194 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %6, i64 0, i32 31 %195 = load i32, i32* %194, align 8 %196 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 21 store i32 %195, i32* %196, align 4 %197 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %6, i64 0, i32 32 %198 = load i32, i32* %197, align 4 %199 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 28, i32 0 store i32 %198, i32* %199, align 4 %200 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 2, i32 0 store i64 %191, i64* %200, align 8 %201 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 1, i32 0 %202 = load %struct.sock.250976*, %struct.sock.250976** %201, align 8 %203 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 40 %204 = load i8*, i8** %203, align 8 %205 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 39 %206 = load i32, i32* %205, align 4 %207 = zext i32 %206 to i64 %208 = getelementptr i8, i8* %204, i64 %207 %209 = getelementptr inbounds i8, i8* %208, i64 3 %210 = getelementptr inbounds i8, i8* %208, i64 28 %211 = bitcast i8* %210 to i32* %212 = icmp eq i16 %190, 0 br i1 %212, label %223, label %213, !prof !5, !misexpect !6 call void @__sock_tx_timestamp(i16 zeroext %190, i8* %209) #69 %214 = trunc i16 %190 to i8 %215 = icmp sgt i8 %214, -1 %216 = and i16 %190, 771 %217 = icmp eq i16 %216, 0 %218 = or i1 %217, %215 br i1 %218, label %223, label %219 %220 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %202, i64 0, i32 62 %221 = load i32, i32* %220, align 4 %222 = add i32 %221, 1 store i32 %222, i32* %220, align 4 store i32 %221, i32* %211, align 4 br label %223 %224 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %202, i64 0, i32 0, i32 13, i32 0 %225 = load volatile i64, i64* %224, align 8 %226 = and i64 %225, 1048576 %227 = icmp eq i64 %226, 0 br i1 %227, label %231, label %228, !prof !5, !misexpect !6 %232 = icmp eq i32 %51, 4 br i1 %232, label %233, label %237, !prof !8, !misexpect !6 %234 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %32, i64 0, i32 16 %235 = load i16, i16* %234, align 8 %236 = or i16 %235, 4096 store i16 %236, i16* %234, align 8 br label %237 call fastcc void @packet_parse_headers(%struct.sk_buff.250723* nonnull %32, %struct.socket.250973* %0) #70 Function:packet_parse_headers %3 = alloca %struct.nlattr, align 2 %4 = alloca %struct.flow_keys_basic, align 4 %5 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 switch i16 %6, label %34 [ i16 0, label %7 i16 768, label %7 ] %35 = phi i16 [ %6, %2 ], [ %33, %32 ], [ %6, %7 ] %36 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %37 = load %struct.net_device.250877*, %struct.net_device.250877** %36, align 8 %38 = getelementptr inbounds %struct.net_device.250877, %struct.net_device.250877* %37, i64 0, i32 45 %39 = load i16, i16* %38, align 4 %40 = icmp eq i16 %39, 1 br i1 %40, label %41, label %120, !prof !4, !misexpect !5 switch i16 %35, label %120 [ i16 129, label %42 i16 -22392, label %42 ] %43 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 8 %44 = load i16, i16* %43, align 8 %45 = zext i16 %44 to i32 switch i16 %35, label %91 [ i16 129, label %46 i16 -22392, label %46 ] %47 = icmp eq i16 %44, 0 br i1 %47, label %53, label %48 %49 = icmp ult i16 %44, 4 br i1 %49, label %50, label %51, !prof !6, !misexpect !7 %52 = add nsw i32 %45, -4 br label %53 %54 = phi i32 [ %52, %51 ], [ 14, %46 ] %55 = bitcast %struct.nlattr* %3 to i8* %56 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 6 %57 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 7 %58 = icmp eq %struct.sk_buff.250723* %0, null %59 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 41 br label %60 %61 = phi i32 [ 8, %53 ], [ %82, %90 ] %62 = phi i32 [ %54, %53 ], [ %89, %90 ] %63 = load i32, i32* %56, align 8 %64 = load i32, i32* %57, align 4 %65 = sub i32 %63, %62 %66 = sub i32 %65, %64 %67 = icmp sgt i32 %66, 3 br i1 %67, label %68, label %72 br i1 %58, label %84, label %73 %74 = call i32 bitcast (i32 (%struct.sk_buff.647384*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.250723*, i32, i8*, i32)*)(%struct.sk_buff.250723* nonnull %0, i32 %62, i8* nonnull %55, i32 4) #69 %75 = icmp slt i32 %74, 0 %76 = select i1 %75, i8* null, i8* %55 br label %77 %78 = phi i8* [ %76, %73 ], [ %71, %68 ] %79 = icmp eq i8* %78, null %80 = add i32 %61, -1 %81 = icmp eq i32 %80, 0 %82 = select i1 %79, i32 %61, i32 %80, !prof !6 %83 = or i1 %81, %79 br i1 %83, label %84, label %85, !prof !6, !misexpect !7 %86 = getelementptr inbounds i8, i8* %78, i64 2 %87 = bitcast i8* %86 to i16* %88 = load i16, i16* %87, align 2 %89 = add i32 %62, 4 switch i16 %88, label %91 [ i16 129, label %90 i16 -22392, label %90 ] %92 = phi i32 [ %45, %42 ], [ %89, %85 ] %93 = phi i16 [ %35, %42 ], [ %88, %85 ] %94 = icmp eq i16 %93, 0 br i1 %94, label %120, label %95 %96 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 6 %97 = load i32, i32* %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.250723, %struct.sk_buff.250723* %0, i64 0, i32 7 %99 = load i32, i32* %98, align 4 %100 = sub i32 %97, %99 %101 = icmp ugt i32 %92, %100 br i1 %101, label %102, label %108, !prof !6, !misexpect !5 %103 = icmp ult i32 %97, %92 br i1 %103, label %120, label %104, !prof !6, !misexpect !7 %105 = sub i32 %92, %100 %106 = call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.250723*, i32)*)(%struct.sk_buff.250723* %0, i32 %105) #69 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.647384* %0, i32 0, i32 %27, i32 2592) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %327 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.647384* %0, i32 %38, i8* %42, i32 %1) #69 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.647384** %53 = load %struct.sk_buff.647384*, %struct.sk_buff.647384** %52, align 8 %54 = icmp eq %struct.sk_buff.647384* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.647262]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %253, label %194 %195 = phi i64 [ %242, %239 ], [ 0, %186 ] %196 = phi i8* [ %246, %239 ], [ %190, %186 ] %197 = phi i32 [ %241, %239 ], [ 0, %186 ] %198 = phi i32 [ %240, %239 ], [ %1, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.647262]* %201 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %198, %202 br i1 %203, label %222, label %204 %223 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195 %224 = sext i32 %197 to i64 %225 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224 %226 = bitcast %struct.page_frag.647262* %225 to i8* %227 = bitcast %struct.page_frag.647262* %223 to i8* %228 = icmp eq i32 %198, 0 br i1 %228, label %237, label %229 %230 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 2 %231 = load i32, i32* %230, align 4 %232 = add i32 %231, %198 store i32 %232, i32* %230, align 4 %233 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 1 %234 = load i32, i32* %233, align 8 %235 = sub i32 %234, %198 store i32 %235, i32* %233, align 8 %236 = icmp eq i64 %195, 0 br i1 %236, label %257, label %237 %258 = load i32, i32* %3, align 8 %259 = add i32 %258, %1 store i32 %259, i32* %3, align 8 %260 = load i32, i32* %36, align 4 %261 = sub i32 %260, %1 store i32 %261, i32* %36, align 4 %262 = icmp ne i32 %261, 0 %263 = icmp eq %struct.sk_buff.647384* %0, null %264 = or i1 %263, %262 br i1 %264, label %322, label %265 %266 = load i8*, i8** %39, align 8 %267 = load i32, i32* %6, align 4 %268 = zext i32 %267 to i64 %269 = getelementptr i8, i8* %266, i64 %268 %270 = getelementptr inbounds i8, i8* %269, i64 3 %271 = load i8, i8* %270, align 1 %272 = and i8 %271, 8 %273 = icmp eq i8 %272, 0 br i1 %273, label %322, label %274 %275 = getelementptr inbounds i8, i8* %269, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info** %277 = load %struct.ubuf_info*, %struct.ubuf_info** %276, align 8 %278 = icmp eq %struct.ubuf_info* %277, null br i1 %278, label %322, label %279 %280 = ptrtoint %struct.ubuf_info* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %313 %284 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 0 %285 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %286 = icmp eq void (%struct.ubuf_info*, i1)* %285, @sock_zerocopy_callback br i1 %286, label %287, label %312 %288 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 1 %289 = bitcast %union.anon.200.646320* %288 to %struct.anon.188.647729* %290 = getelementptr inbounds %struct.anon.188.647729, %struct.anon.188.647729* %289, i64 0, i32 2 %291 = load i8, i8* %290, align 2 %292 = and i8 %291, -2 store i8 %292, i8* %290, align 2 %293 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 2 %294 = getelementptr inbounds %union.anon.21, %union.anon.21* %293, i64 0, i32 0, i32 0 %295 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %294, i32 -1, i32* %294) #6, !srcloc !10 %296 = icmp eq i32 %295, 1 br i1 %296, label %302, label %297 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %303 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %304 = icmp eq void (%struct.ubuf_info*, i1)* %303, null br i1 %304, label %309, label %305 %310 = getelementptr %struct.ubuf_info, %struct.ubuf_info* %277, i64 -1, i32 1 %311 = bitcast %union.anon.200.646320* %310 to %struct.sk_buff.647384* tail call void @consume_skb(%struct.sk_buff.647384* %311) #70 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 __pskb_pull_tail 4 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %26) #69 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.647384* %0, i32 0, i32 %27, i32 2592) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %327 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.647384* %0, i32 %38, i8* %42, i32 %1) #69 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.647384** %53 = load %struct.sk_buff.647384*, %struct.sk_buff.647384** %52, align 8 %54 = icmp eq %struct.sk_buff.647384* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.647262]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %253, label %194 %195 = phi i64 [ %242, %239 ], [ 0, %186 ] %196 = phi i8* [ %246, %239 ], [ %190, %186 ] %197 = phi i32 [ %241, %239 ], [ 0, %186 ] %198 = phi i32 [ %240, %239 ], [ %1, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.647262]* %201 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %198, %202 br i1 %203, label %222, label %204 %223 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195 %224 = sext i32 %197 to i64 %225 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224 %226 = bitcast %struct.page_frag.647262* %225 to i8* %227 = bitcast %struct.page_frag.647262* %223 to i8* %228 = icmp eq i32 %198, 0 br i1 %228, label %237, label %229 %230 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 2 %231 = load i32, i32* %230, align 4 %232 = add i32 %231, %198 store i32 %232, i32* %230, align 4 %233 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 1 %234 = load i32, i32* %233, align 8 %235 = sub i32 %234, %198 store i32 %235, i32* %233, align 8 %236 = icmp eq i64 %195, 0 br i1 %236, label %257, label %237 %258 = load i32, i32* %3, align 8 %259 = add i32 %258, %1 store i32 %259, i32* %3, align 8 %260 = load i32, i32* %36, align 4 %261 = sub i32 %260, %1 store i32 %261, i32* %36, align 4 %262 = icmp ne i32 %261, 0 %263 = icmp eq %struct.sk_buff.647384* %0, null %264 = or i1 %263, %262 br i1 %264, label %322, label %265 %266 = load i8*, i8** %39, align 8 %267 = load i32, i32* %6, align 4 %268 = zext i32 %267 to i64 %269 = getelementptr i8, i8* %266, i64 %268 %270 = getelementptr inbounds i8, i8* %269, i64 3 %271 = load i8, i8* %270, align 1 %272 = and i8 %271, 8 %273 = icmp eq i8 %272, 0 br i1 %273, label %322, label %274 %275 = getelementptr inbounds i8, i8* %269, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info** %277 = load %struct.ubuf_info*, %struct.ubuf_info** %276, align 8 %278 = icmp eq %struct.ubuf_info* %277, null br i1 %278, label %322, label %279 %280 = ptrtoint %struct.ubuf_info* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %313 %284 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 0 %285 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %286 = icmp eq void (%struct.ubuf_info*, i1)* %285, @sock_zerocopy_callback br i1 %286, label %287, label %312 %288 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 1 %289 = bitcast %union.anon.200.646320* %288 to %struct.anon.188.647729* %290 = getelementptr inbounds %struct.anon.188.647729, %struct.anon.188.647729* %289, i64 0, i32 2 %291 = load i8, i8* %290, align 2 %292 = and i8 %291, -2 store i8 %292, i8* %290, align 2 %293 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 2 %294 = getelementptr inbounds %union.anon.21, %union.anon.21* %293, i64 0, i32 0, i32 0 %295 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %294, i32 -1, i32* %294) #6, !srcloc !10 %296 = icmp eq i32 %295, 1 br i1 %296, label %302, label %297 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %303 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %304 = icmp eq void (%struct.ubuf_info*, i1)* %303, null br i1 %304, label %309, label %305 %310 = getelementptr %struct.ubuf_info, %struct.ubuf_info* %277, i64 -1, i32 1 %311 = bitcast %union.anon.200.646320* %310 to %struct.sk_buff.647384* tail call void @consume_skb(%struct.sk_buff.647384* %311) #70 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 __pskb_pull_tail 4 sit_tunnel_xmit ------------- Path:  Function:sit_tunnel_xmit %3 = alloca %struct.flowi4, align 8 %4 = alloca i8, align 1 %5 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 33 %6 = load i16, i16* %5, align 8 %7 = icmp eq i16 %6, 8 %8 = select i1 %7, i32 20, i32 0 %9 = icmp eq i16 %6, -8826 %10 = select i1 %9, i32 40, i32 %8 %11 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 35 %14 = load i16, i16* %13, align 4 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 41 %18 = bitcast i8** %17 to i64* %19 = load i64, i64* %18, align 8 %20 = ptrtoint i8* %16 to i64 %21 = sub i64 %20, %19 %22 = trunc i64 %21 to i32 %23 = add i32 %10, %22 %24 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 6 %25 = load i32, i32* %24, align 8 %26 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 7 %27 = load i32, i32* %26, align 4 %28 = sub i32 %25, %27 %29 = icmp ugt i32 %23, %28 br i1 %29, label %30, label %38, !prof !4, !misexpect !5 %31 = icmp ult i32 %25, %23 br i1 %31, label %484, label %32, !prof !4, !misexpect !6 %33 = sub i32 %23, %28 %34 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %33) #69 Function:__pskb_pull_tail %3 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 38 %4 = load i32, i32* %3, align 8 %5 = add i32 %4, %1 %6 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 39 %7 = load i32, i32* %6, align 4 %8 = sub i32 %5, %7 %9 = icmp sgt i32 %8, 0 br i1 %9, label %25, label %10 %11 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 12 %12 = load i8, i8* %11, align 2 %13 = and i8 %12, 1 %14 = icmp eq i8 %13, 0 br i1 %14, label %32, label %15 %16 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %17 = load i8*, i8** %16, align 8 %18 = zext i32 %7 to i64 %19 = getelementptr i8, i8* %17, i64 %18 %20 = getelementptr inbounds i8, i8* %19, i64 32 %21 = bitcast i8* %20 to i32* %22 = load volatile i32, i32* %21, align 4 %23 = and i32 %22, 65535 %24 = icmp eq i32 %23, 1 br i1 %24, label %32, label %25 %26 = add i32 %8, 128 %27 = select i1 %9, i32 %26, i32 0 %28 = tail call i32 @pskb_expand_head(%struct.sk_buff.647384* %0, i32 0, i32 %27, i32 2592) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %327 %31 = load i32, i32* %3, align 8 br label %32 %33 = phi i32 [ %31, %30 ], [ %4, %10 ], [ %4, %15 ] %34 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 6 %35 = load i32, i32* %34, align 8 %36 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 7 %37 = load i32, i32* %36, align 4 %38 = sub i32 %35, %37 %39 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 40 %40 = load i8*, i8** %39, align 8 %41 = zext i32 %33 to i64 %42 = getelementptr i8, i8* %40, i64 %41 %43 = tail call i32 @skb_copy_bits(%struct.sk_buff.647384* %0, i32 %38, i8* %42, i32 %1) #69 %44 = icmp eq i32 %43, 0 br i1 %44, label %46, label %45, !prof !4, !misexpect !5 %47 = load i8*, i8** %39, align 8 %48 = load i32, i32* %6, align 4 %49 = zext i32 %48 to i64 %50 = getelementptr i8, i8* %47, i64 %49 %51 = getelementptr inbounds i8, i8* %50, i64 8 %52 = bitcast i8* %51 to %struct.sk_buff.647384** %53 = load %struct.sk_buff.647384*, %struct.sk_buff.647384** %52, align 8 %54 = icmp eq %struct.sk_buff.647384* %53, null br i1 %54, label %186, label %55 %56 = getelementptr inbounds i8, i8* %50, i64 2 %57 = load i8, i8* %56, align 2 %58 = icmp eq i8 %57, 0 br i1 %58, label %73, label %59 %60 = getelementptr inbounds i8, i8* %50, i64 48 %61 = bitcast i8* %60 to [17 x %struct.page_frag.647262]* %62 = zext i8 %57 to i64 br label %63 %64 = phi i64 [ 0, %59 ], [ %71, %69 ] %65 = phi i32 [ %1, %59 ], [ %70, %69 ] %66 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %61, i64 0, i64 %64, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp sgt i32 %65, %67 br i1 %68, label %69, label %186 %187 = phi i32 [ %48, %46 ], [ %173, %172 ], [ %185, %176 ], [ %48, %73 ], [ %48, %63 ] %188 = phi i8* [ %47, %46 ], [ %174, %172 ], [ %184, %176 ], [ %47, %73 ], [ %47, %63 ] %189 = zext i32 %187 to i64 %190 = getelementptr i8, i8* %188, i64 %189 %191 = getelementptr inbounds i8, i8* %190, i64 2 %192 = load i8, i8* %191, align 2 %193 = icmp eq i8 %192, 0 br i1 %193, label %253, label %194 %195 = phi i64 [ %242, %239 ], [ 0, %186 ] %196 = phi i8* [ %246, %239 ], [ %190, %186 ] %197 = phi i32 [ %241, %239 ], [ 0, %186 ] %198 = phi i32 [ %240, %239 ], [ %1, %186 ] %199 = getelementptr inbounds i8, i8* %196, i64 48 %200 = bitcast i8* %199 to [17 x %struct.page_frag.647262]* %201 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195, i32 1 %202 = load i32, i32* %201, align 8 %203 = icmp slt i32 %198, %202 br i1 %203, label %222, label %204 %223 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %195 %224 = sext i32 %197 to i64 %225 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224 %226 = bitcast %struct.page_frag.647262* %225 to i8* %227 = bitcast %struct.page_frag.647262* %223 to i8* %228 = icmp eq i32 %198, 0 br i1 %228, label %237, label %229 %230 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 2 %231 = load i32, i32* %230, align 4 %232 = add i32 %231, %198 store i32 %232, i32* %230, align 4 %233 = getelementptr [17 x %struct.page_frag.647262], [17 x %struct.page_frag.647262]* %200, i64 0, i64 %224, i32 1 %234 = load i32, i32* %233, align 8 %235 = sub i32 %234, %198 store i32 %235, i32* %233, align 8 %236 = icmp eq i64 %195, 0 br i1 %236, label %257, label %237 %258 = load i32, i32* %3, align 8 %259 = add i32 %258, %1 store i32 %259, i32* %3, align 8 %260 = load i32, i32* %36, align 4 %261 = sub i32 %260, %1 store i32 %261, i32* %36, align 4 %262 = icmp ne i32 %261, 0 %263 = icmp eq %struct.sk_buff.647384* %0, null %264 = or i1 %263, %262 br i1 %264, label %322, label %265 %266 = load i8*, i8** %39, align 8 %267 = load i32, i32* %6, align 4 %268 = zext i32 %267 to i64 %269 = getelementptr i8, i8* %266, i64 %268 %270 = getelementptr inbounds i8, i8* %269, i64 3 %271 = load i8, i8* %270, align 1 %272 = and i8 %271, 8 %273 = icmp eq i8 %272, 0 br i1 %273, label %322, label %274 %275 = getelementptr inbounds i8, i8* %269, i64 40 %276 = bitcast i8* %275 to %struct.ubuf_info** %277 = load %struct.ubuf_info*, %struct.ubuf_info** %276, align 8 %278 = icmp eq %struct.ubuf_info* %277, null br i1 %278, label %322, label %279 %280 = ptrtoint %struct.ubuf_info* %277 to i64 %281 = and i64 %280, 1 %282 = icmp eq i64 %281, 0 br i1 %282, label %283, label %313 %284 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 0 %285 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %286 = icmp eq void (%struct.ubuf_info*, i1)* %285, @sock_zerocopy_callback br i1 %286, label %287, label %312 %288 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 1 %289 = bitcast %union.anon.200.646320* %288 to %struct.anon.188.647729* %290 = getelementptr inbounds %struct.anon.188.647729, %struct.anon.188.647729* %289, i64 0, i32 2 %291 = load i8, i8* %290, align 2 %292 = and i8 %291, -2 store i8 %292, i8* %290, align 2 %293 = getelementptr inbounds %struct.ubuf_info, %struct.ubuf_info* %277, i64 0, i32 2 %294 = getelementptr inbounds %union.anon.21, %union.anon.21* %293, i64 0, i32 0, i32 0 %295 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %294, i32 -1, i32* %294) #6, !srcloc !10 %296 = icmp eq i32 %295, 1 br i1 %296, label %302, label %297 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %303 = load void (%struct.ubuf_info*, i1)*, void (%struct.ubuf_info*, i1)** %284, align 8 %304 = icmp eq void (%struct.ubuf_info*, i1)* %303, null br i1 %304, label %309, label %305 %310 = getelementptr %struct.ubuf_info, %struct.ubuf_info* %277, i64 -1, i32 1 %311 = bitcast %union.anon.200.646320* %310 to %struct.sk_buff.647384* tail call void @consume_skb(%struct.sk_buff.647384* %311) #70 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 __neigh_event_send 4 __ip_do_redirect 5 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.707029*, %struct.net_device.707029** %9, align 8 %11 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.706927* %1, null br i1 %20, label %50, label %21 %51 = phi i32 [ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.706562* %0 to %struct.rtable.706564* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %55, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* %75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %77, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.706564* %56, %struct.sk_buff.706937* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.707040, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.707029*, %struct.net_device.707029** %28, align 8 %30 = bitcast %struct.fib_result.707040* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %298 %36 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %298 %40 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %298 %44 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %29, i64 0, i32 67 %45 = bitcast %struct.in_device.706989** %44 to i64* %46 = load volatile i64, i64* %45, align 8 %47 = inttoptr i64 %46 to %struct.in_device.706989* %48 = icmp eq i64 %46, 0 br i1 %48, label %298, label %49 %50 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %29, i64 0, i32 107, i32 0 %51 = load %struct.net.706629*, %struct.net.706629** %50, align 8 %52 = icmp eq i32 %19, %27 br i1 %52, label %268, label %53 %54 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, 0 %57 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 0 %58 = load %struct.net_device.707029*, %struct.net_device.707029** %57, align 8 %59 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %58, i64 0, i32 107, i32 0 %60 = load %struct.net.706629*, %struct.net.706629** %59, align 8 %61 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %60, i64 0, i32 34, i32 5 %62 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %61, align 8 %63 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %62, i64 0, i32 1, i64 3 %64 = load i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %56, label %71, label %66 br i1 %65, label %268, label %67 %68 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 3 %69 = load i32, i32* %68, align 4 %70 = icmp eq i32 %69, 0 br i1 %70, label %268, label %76 %77 = and i32 %19, 240 %78 = icmp eq i32 %77, 224 %79 = add i32 %19, 1 %80 = icmp ult i32 %79, 2 %81 = or i1 %80, %78 br i1 %81, label %268, label %82 %83 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %62, i64 0, i32 1, i64 6 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %109 %87 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 6 %88 = load i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %109 %110 = tail call i32 bitcast (i32 (%struct.net.659201*, i32)* @inet_addr_type to i32 (%struct.net.706629*, i32)*)(%struct.net.706629* %51, i32 %19) #69 %111 = icmp eq i32 %110, 1 br i1 %111, label %112, label %268 %113 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 0, i32 0 %114 = load %struct.net_device.707029*, %struct.net_device.707029** %113, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %114, i64 0, i32 34 %116 = load i32, i32* %115, align 8 %117 = and i32 %116, 24 %118 = icmp eq i32 %117, 0 %119 = select i1 %118, i32 %19, i32 0 %120 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.706530** getelementptr inbounds (%struct.neigh_table.706531, %struct.neigh_table.706531* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.728523*, i32*)*, i1 (%struct.neighbour.728045*, i8*)*, i32 (%struct.neighbour.728045*)*, i32 (%struct.pneigh_entry.728032*)*, void (%struct.pneigh_entry.728032*)*, void (%struct.sk_buff.728431*)*, i32 (i8*)*, i1 (%struct.net_device.728523*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.728033, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.728036, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.728041*, %struct.pneigh_entry.728032** }* @arp_tbl to %struct.neigh_table.706531*), i64 0, i32 29) to i64*), align 8 %121 = inttoptr i64 %120 to %struct.neigh_hash_table.706530* %122 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 2, i64 0 %123 = ptrtoint %struct.net_device.707029* %114 to i64 %124 = lshr i64 %123, 32 %125 = xor i64 %124, %123 %126 = trunc i64 %125 to i32 %127 = xor i32 %119, %126 %128 = load i32, i32* %122, align 4 %129 = mul i32 %127, %128 %130 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 1 %131 = load i32, i32* %130, align 8 %132 = sub i32 32, %131 %133 = lshr i32 %129, %132 %134 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 0 %135 = load %struct.neighbour.706534**, %struct.neighbour.706534*** %134, align 8 %136 = zext i32 %133 to i64 %137 = getelementptr %struct.neighbour.706534*, %struct.neighbour.706534** %135, i64 %136 %138 = bitcast %struct.neighbour.706534** %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.neighbour.706534* %141 = icmp eq i64 %139, 0 br i1 %141, label %158, label %142 %143 = phi %struct.neighbour.706534* [ %156, %153 ], [ %140, %112 ] %144 = phi i64 [ %155, %153 ], [ %139, %112 ] %145 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %143, i64 0, i32 25 %146 = load %struct.net_device.707029*, %struct.net_device.707029** %145, align 8 %147 = icmp eq %struct.net_device.707029* %146, %114 br i1 %147, label %148, label %153 %149 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %143, i64 0, i32 26, i64 0 %150 = bitcast i8* %149 to i32* %151 = load i32, i32* %150, align 8 %152 = icmp eq i32 %151, %119 br i1 %152, label %158, label %153 %159 = phi %struct.neighbour.706534* [ %140, %112 ], [ %143, %148 ] %160 = icmp eq %struct.neighbour.706534* %159, null br i1 %160, label %184, label %161 %162 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %159, i64 0, i32 6 %163 = getelementptr inbounds %union.anon.21, %union.anon.21* %162, i64 0, i32 0, i32 0 %164 = load volatile i32, i32* %163, align 4 %165 = icmp eq i32 %164, 0 br i1 %165, label %176, label %166 %167 = phi i32 [ %174, %173 ], [ %164, %161 ] %168 = add i32 %167, 1 %169 = tail call { i8, i32 } asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $3, $1\0A\09/* output condition code z*/\0A", "={@ccz},=*m,={ax},r,*m,2,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %163, i32 %168, i32* %163, i32 %167) #6, !srcloc !6 %170 = extractvalue { i8, i32 } %169, 0 %171 = and i8 %170, 1 %172 = icmp eq i8 %171, 0 br i1 %172, label %173, label %176, !prof !7, !misexpect !8 %174 = extractvalue { i8, i32 } %169, 1 %175 = icmp eq i32 %174, 0 br i1 %175, label %176, label %166 %177 = phi i32 [ 0, %161 ], [ 0, %173 ], [ %167, %166 ] %178 = add i32 %177, 1 %179 = or i32 %178, %177 %180 = icmp sgt i32 %179, -1 br i1 %180, label %182, label %181, !prof !9, !misexpect !8 tail call void @refcount_warn_saturate(%union.anon.21* %162, i32 0) #69 br label %182 %183 = icmp eq i32 %177, 0 br i1 %183, label %184, label %187 tail call fastcc void @local_bh_enable.60299() #69 br label %188 %189 = phi %struct.neighbour.706534* [ %159, %187 ], [ %186, %184 ] %190 = bitcast %struct.neighbour.706534* %189 to i8* %191 = icmp ugt %struct.neighbour.706534* %189, inttoptr (i64 -4096 to %struct.neighbour.706534*) br i1 %191, label %298, label %192 %193 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %189, i64 0, i32 13 %194 = load i8, i8* %193, align 1 %195 = and i8 %194, -34 %196 = icmp eq i8 %195, 0 br i1 %196, label %197, label %208 %198 = load volatile i64, i64* @jiffies, align 64 %199 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %189, i64 0, i32 10 %200 = load volatile i64, i64* %199, align 8 %201 = icmp eq i64 %200, %198 br i1 %201, label %203, label %202 store volatile i64 %198, i64* %199, align 8 br label %203 %204 = and i8 %194, -38 %205 = icmp eq i8 %204, 0 br i1 %205, label %206, label %257 %207 = call i32 bitcast (i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)* @__neigh_event_send to i32 (%struct.neighbour.706534*, %struct.sk_buff.706937*)*)(%struct.neighbour.706534* %189, %struct.sk_buff.706937* null) #69 Function:__neigh_event_send %3 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %3) #69 %4 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 13 %5 = load i8, i8* %4, align 1 %6 = zext i8 %5 to i32 %7 = and i32 %6, 218 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %251 %10 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 15 %11 = load i8, i8* %10, align 1 %12 = icmp eq i8 %11, 0 br i1 %12, label %13, label %278 %14 = and i32 %6, 5 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %77 %78 = and i32 %6, 4 %79 = icmp eq i32 %78, 0 br i1 %79, label %126, label %80 %81 = and i8 %5, 27 %82 = icmp eq i8 %81, 0 br i1 %82, label %98, label %83 store i8 8, i8* %4, align 1 %99 = load volatile i64, i64* @jiffies, align 64 %100 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 4 store i64 %99, i64* %100, align 8 %101 = load volatile i64, i64* @jiffies, align 64 %102 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 2 %103 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %102, align 8 %104 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %103, i64 0, i32 10, i64 6 %105 = load i32, i32* %104, align 4 %106 = sext i32 %105 to i64 %107 = add i64 %101, %106 %108 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 6 %109 = getelementptr inbounds %union.anon.21, %union.anon.21* %108, i64 0, i32 0, i32 0 %110 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %109, i32 1, i32* %109) #6, !srcloc !8 %111 = icmp eq i32 %110, 0 br i1 %111, label %116, label %112, !prof !9, !misexpect !6 %113 = add i32 %110, 1 %114 = or i32 %113, %110 %115 = icmp sgt i32 %114, -1 br i1 %115, label %118, label %116, !prof !5, !misexpect !6 %117 = phi i32 [ 2, %98 ], [ 1, %112 ] tail call void @refcount_warn_saturate(%union.anon.21* %108, i32 %117) #69 br label %118 %119 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 9 %120 = tail call i32 @mod_timer(%struct.timer_list* %119, i64 %107) #69 %121 = icmp eq i32 %120, 0 br i1 %121, label %126, label %122, !prof !5, !misexpect !6 %123 = load i8, i8* %4, align 1 %124 = zext i8 %123 to i32 %125 = tail call i32 (i8*, ...) @printk(i8* getelementptr inbounds ([43 x i8], [43 x i8]* @.str.15.58829, i64 0, i64 0), i32 %124) #70 tail call void @dump_stack() #70 br label %126 %127 = phi i1 [ true, %122 ], [ true, %118 ], [ false, %70 ], [ false, %66 ], [ true, %77 ] %128 = load i8, i8* %4, align 1 %129 = icmp eq i8 %128, 1 br i1 %129, label %130, label %226 %131 = icmp eq %struct.sk_buff.653931* %1, null br i1 %131, label %226, label %132 %133 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 7 %134 = load i32, i32* %133, align 4 %135 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 42 %136 = load i32, i32* %135, align 8 %137 = add i32 %136, %134 %138 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 2 %139 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %138, align 8 %140 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %139, i64 0, i32 10, i64 8 %141 = load i32, i32* %140, align 4 %142 = icmp ugt i32 %137, %141 br i1 %142, label %143, label %182 %144 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8 %145 = getelementptr inbounds %struct.sk_buff_head.653932, %struct.sk_buff_head.653932* %144, i64 0, i32 0 %146 = bitcast %struct.sk_buff_head.653932* %144 to %struct.sk_buff.653931* %147 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8, i32 2 %148 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 1 br label %149 %150 = load %struct.sk_buff.653931*, %struct.sk_buff.653931** %145, align 8 %151 = icmp eq %struct.sk_buff.653931* %150, %146 %152 = icmp eq %struct.sk_buff.653931* %150, null %153 = or i1 %151, %152 br i1 %153, label %182, label %154 %155 = load i32, i32* %147, align 8 %156 = add i32 %155, -1 store volatile i32 %156, i32* %147, align 4 %157 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %150, i64 0, i32 0, i32 0, i32 0 %158 = load %struct.sk_buff.653931*, %struct.sk_buff.653931** %157, align 8 %159 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %150, i64 0, i32 0, i32 0, i32 1 %160 = load %struct.sk_buff.653931*, %struct.sk_buff.653931** %159, align 8 %161 = ptrtoint %struct.sk_buff.653931* %160 to i64 %162 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %158, i64 0, i32 0, i32 0, i32 1 %163 = bitcast %struct.sk_buff.653931** %162 to i64* %164 = bitcast %struct.sk_buff.653931* %150 to i8* store volatile i64 %161, i64* %163, align 8 %165 = ptrtoint %struct.sk_buff.653931* %158 to i64 %166 = bitcast %struct.sk_buff.653931* %160 to i64* store volatile i64 %165, i64* %166, align 8 %167 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %150, i64 0, i32 42 %168 = load i32, i32* %167, align 8 %169 = load i32, i32* %133, align 4 %170 = sub i32 %169, %168 store i32 %170, i32* %133, align 4 tail call void bitcast (void (%struct.sk_buff.647384*)* @kfree_skb to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* nonnull %150) #69 %171 = load %struct.neigh_table.653683*, %struct.neigh_table.653683** %148, align 8 %172 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %171, i64 0, i32 28 %173 = load %struct.neigh_statistics*, %struct.neigh_statistics** %172, align 8 %174 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %173, i64 0, i32 10 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %174, i64* %174) #6, !srcloc !10 %175 = load i32, i32* %133, align 4 %176 = load i32, i32* %135, align 8 %177 = add i32 %176, %175 %178 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %138, align 8 %179 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %178, i64 0, i32 10, i64 8 %180 = load i32, i32* %179, align 4 %181 = icmp ugt i32 %177, %180 br i1 %181, label %149, label %182 %183 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 4, i32 0, i32 0 %184 = load i64, i64* %183, align 8 %185 = and i64 %184, 1 %186 = icmp ne i64 %185, 0 %187 = icmp ugt i64 %184, 1 %188 = and i1 %187, %186 br i1 %188, label %189, label %208 %209 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8 %210 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8, i32 1 %211 = load %struct.sk_buff.653931*, %struct.sk_buff.653931** %210, align 8 %212 = ptrtoint %struct.sk_buff_head.653932* %209 to i64 %213 = bitcast %struct.sk_buff.653931* %1 to i64* store volatile i64 %212, i64* %213, align 8 %214 = ptrtoint %struct.sk_buff.653931* %211 to i64 %215 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %1, i64 0, i32 0, i32 0, i32 1 %216 = bitcast %struct.sk_buff.653931** %215 to i64* store volatile i64 %214, i64* %216, align 8 %217 = ptrtoint %struct.sk_buff.653931* %1 to i64 %218 = bitcast %struct.sk_buff.653931** %210 to i64* store volatile i64 %217, i64* %218, align 8 %219 = bitcast %struct.sk_buff.653931* %211 to i64* store volatile i64 %217, i64* %219, align 8 %220 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8, i32 2 %221 = load i32, i32* %220, align 8 %222 = add i32 %221, 1 store volatile i32 %222, i32* %220, align 4 %223 = load i32, i32* %135, align 8 %224 = load i32, i32* %133, align 4 %225 = add i32 %224, %223 store i32 %225, i32* %133, align 4 br label %226 %227 = phi i32 [ 0, %126 ], [ 1, %130 ], [ 1, %208 ] br i1 %127, label %251, label %228 %229 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8 %230 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 8, i32 1 %231 = bitcast %struct.sk_buff.653931** %230 to i64* %232 = load volatile i64, i64* %231, align 8 %233 = inttoptr i64 %232 to %struct.sk_buff.653931* %234 = bitcast %struct.sk_buff_head.653932* %229 to %struct.sk_buff.653931* %235 = icmp eq %struct.sk_buff.653931* %233, %234 %236 = icmp eq i64 %232, 0 %237 = or i1 %236, %235 br i1 %237, label %240, label %238 %239 = tail call %struct.sk_buff.653931* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.653931* (%struct.sk_buff.653931*, i32)*)(%struct.sk_buff.653931* nonnull %233, i32 2592) #69 br label %240 %241 = phi %struct.sk_buff.653931* [ %239, %238 ], [ null, %228 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 %242 = bitcast %struct.rwlock_t* %3 to i8* store volatile i8 0, i8* %242, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %243 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 22 %244 = load %struct.neigh_ops.653685*, %struct.neigh_ops.653685** %243, align 8 %245 = getelementptr inbounds %struct.neigh_ops.653685, %struct.neigh_ops.653685* %244, i64 0, i32 1 %246 = load void (%struct.neighbour.653686*, %struct.sk_buff.653931*)*, void (%struct.neighbour.653686*, %struct.sk_buff.653931*)** %245, align 8 %247 = icmp eq void (%struct.neighbour.653686*, %struct.sk_buff.653931*)* %246, null br i1 %247, label %249, label %248 %250 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 11, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %250, i32* %250) #6, !srcloc !14 tail call void bitcast (void (%struct.sk_buff.647384*)* @consume_skb to void (%struct.sk_buff.653931*)*)(%struct.sk_buff.653931* %241) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.245212* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.245212* %26, null br i1 %27, label %57, label %28 %29 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %59 %36 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @skb_put to i8* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 @__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %61, label %44 br label %197 %198 = phi %struct.sk_buff.245212* [ %192, %191 ], [ %26, %59 ], [ %26, %61 ] %199 = phi i32 [ %194, %191 ], [ %60, %59 ], [ -9, %61 ] call void bitcast (void (%struct.sk_buff.647384*)* @consume_skb to void (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* %198) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.245212* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.245212* %26, null br i1 %27, label %57, label %28 %29 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %59 %36 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @skb_put to i8* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 @__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %61, label %44 br label %197 %198 = phi %struct.sk_buff.245212* [ %192, %191 ], [ %26, %59 ], [ %26, %61 ] %199 = phi i32 [ %194, %191 ], [ %60, %59 ], [ -9, %61 ] call void bitcast (void (%struct.sk_buff.647384*)* @consume_skb to void (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* %198) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 skb_release_head_state 1 __kfree_skb 2 consume_skb 3 do_mq_notify 4 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %25 = bitcast i64* %3 to i8* %26 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (i32, i32, i32, i32)* @__alloc_skb to %struct.sk_buff.245212* (i32, i32, i32, i32)*)(i32 32, i32 3264, i32 0, i32 -1) #69 %27 = icmp eq %struct.sk_buff.245212* %26, null br i1 %27, label %57, label %28 %29 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %30 = load i8*, i8** %29, align 8 %31 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 0, i32 0 %32 = load i8*, i8** %31, align 8 %33 = tail call i64 @_copy_from_user(i8* %30, i8* %32, i64 32) #69 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %59 %36 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @skb_put to i8* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* nonnull %26, i32 32) #69 %37 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 1 br label %38 %39 = load i32, i32* %37, align 8 %40 = call i64 @__fdget(i32 %39) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %61, label %44 br label %197 %198 = phi %struct.sk_buff.245212* [ %192, %191 ], [ %26, %59 ], [ %26, %61 ] %199 = phi i32 [ %194, %191 ], [ %60, %59 ], [ -9, %61 ] call void bitcast (void (%struct.sk_buff.647384*)* @consume_skb to void (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* %198) #69 Function:consume_skb %2 = icmp eq %struct.sk_buff.647384* %0, null br i1 %2, label %42, label %3, !prof !4, !misexpect !5 %4 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 43 %5 = getelementptr inbounds %union.anon.21, %union.anon.21* %4, i64 0, i32 0, i32 0 %6 = load volatile i32, i32* %5, align 4 %7 = icmp eq i32 %6, 1 br i1 %7, label %8, label %9, !prof !6, !misexpect !7 %10 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %5, i32 -1, i32* %5) #6, !srcloc !9 %11 = icmp eq i32 %10, 1 br i1 %11, label %17, label %12, !prof !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 br label %18 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_consume_skb to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@consume_skb, %19)) #6 to label %41 [label %19], !srcloc !12 tail call void @__kfree_skb(%struct.sk_buff.647384* nonnull %0) #70 Function:__kfree_skb tail call void @skb_release_head_state(%struct.sk_buff.647384* %0) #69 Function:skb_release_head_state %2 = getelementptr inbounds %struct.sk_buff.647384, %struct.sk_buff.647384* %0, i64 0, i32 4, i32 0, i32 0 %3 = load i64, i64* %2, align 8 %4 = icmp eq i64 %3, 0 br i1 %4, label %12, label %5 %6 = and i64 %3, 1 %7 = icmp eq i64 %6, 0 br i1 %7, label %8, label %11 %9 = and i64 %3, -2 %10 = inttoptr i64 %9 to %struct.dst_entry.647271* tail call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.647271*)*)(%struct.dst_entry.647271* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 mqueue_flush_file ------------- Path:  Function:mqueue_flush_file %3 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %0, i64 0, i32 2 %4 = load %struct.inode.245632*, %struct.inode.245632** %3, align 8 %5 = getelementptr %struct.inode.245632, %struct.inode.245632* %4, i64 -1, i32 47 %6 = bitcast i8** %5 to %struct.mqueue_inode_info* %7 = bitcast i8** %5 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %7) #69 %8 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %8, i64 0, i32 87 %10 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %9, align 8 %11 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %10, i64 0, i32 21, i64 1 %12 = load %struct.pid.245407*, %struct.pid.245407** %11, align 8 %13 = getelementptr inbounds i8*, i8** %5, i64 94 %14 = bitcast i8** %13 to %struct.pid.245407** %15 = load %struct.pid.245407*, %struct.pid.245407** %14, align 8 %16 = icmp eq %struct.pid.245407* %12, %15 br i1 %16, label %17, label %40 %18 = icmp eq %struct.pid.245407* %12, null br i1 %18, label %36, label %19 %20 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %6, i64 0, i32 7, i32 2 %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 2 br i1 %22, label %23, label %36 %24 = getelementptr inbounds i8*, i8** %5, i64 99 %25 = bitcast i8** %24 to %struct.sk_buff.245212** %26 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %27 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %26, i64 0, i32 41 %28 = load i8*, i8** %27, align 8 %29 = getelementptr i8, i8* %28, i64 31 store i8 2, i8* %29, align 1 %30 = getelementptr inbounds i8*, i8** %5, i64 98 %31 = bitcast i8** %30 to %struct.sock.245448** %32 = load %struct.sock.245448*, %struct.sock.245448** %31, align 8 %33 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %25, align 8 %34 = tail call i32 @netlink_sendskb(%struct.sock.245448* %32, %struct.sk_buff.245212* %33) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %155 = icmp eq i64 %153, 0 br i1 %155, label %187, label %156 %157 = and i64 %153, 1 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %162 %160 = and i64 %153, -2 %161 = inttoptr i64 %160 to %struct.dst_entry.653706* call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.653706*)*)(%struct.dst_entry.653706* %161) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __ia32_compat_sys_mq_notify ------------- Path:  Function:__ia32_compat_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %25, label %11 %12 = inttoptr i64 %7 to %struct.compat_sigevent* %13 = call i32 @get_compat_sigevent(%struct.sigevent* nonnull %2, %struct.compat_sigevent* nonnull %12) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %29 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 2 br i1 %18, label %19, label %25 %20 = bitcast %struct.sigevent* %2 to i32* %21 = load i32, i32* %20, align 8 %22 = zext i32 %21 to i64 %23 = inttoptr i64 %22 to i8* %24 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %2, i64 0, i32 0, i32 0 store i8* %23, i8** %24, align 8 br label %25 %26 = phi %struct.sigevent* [ null, %1 ], [ %2, %19 ], [ %2, %15 ] %27 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %26) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %155 = icmp eq i64 %153, 0 br i1 %155, label %187, label %156 %157 = and i64 %153, 1 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %162 %160 = and i64 %153, -2 %161 = inttoptr i64 %160 to %struct.dst_entry.653706* call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.653706*)*)(%struct.dst_entry.653706* %161) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __ia32_sys_mq_notify ------------- Path:  Function:__ia32_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.sigevent* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %15, label %11 %12 = inttoptr i64 %7 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %12, i64 64) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %19 %16 = phi %struct.sigevent* [ null, %1 ], [ %2, %11 ] %17 = call fastcc i32 @do_mq_notify(i32 %8, %struct.sigevent* %16) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %155 = icmp eq i64 %153, 0 br i1 %155, label %187, label %156 %157 = and i64 %153, 1 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %162 %160 = and i64 %153, -2 %161 = inttoptr i64 %160 to %struct.dst_entry.653706* call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.653706*)*)(%struct.dst_entry.653706* %161) #69 ------------- Use: =BAD PATH= Call Stack: 0 __dev_queue_xmit 1 dev_queue_xmit 2 netlink_deliver_tap 3 netlink_sendskb 4 do_mq_notify 5 __x64_sys_mq_notify ------------- Path:  Function:__x64_sys_mq_notify %2 = alloca %struct.sigevent, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.sigevent* %2 to i8* %9 = icmp eq i64 %6, 0 br i1 %9, label %14, label %10 %11 = inttoptr i64 %6 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %8, i8* nonnull %11, i64 64) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %18 %15 = phi %struct.sigevent* [ null, %1 ], [ %2, %10 ] %16 = call fastcc i32 @do_mq_notify(i32 %7, %struct.sigevent* %15) #69 Function:do_mq_notify %3 = alloca i64, align 8 %4 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !4 %5 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 97 %6 = load %struct.audit_context*, %struct.audit_context** %5, align 8 %7 = icmp eq %struct.audit_context* %6, null br i1 %7, label %13, label %8 %14 = icmp eq %struct.sigevent* %1, null br i1 %14, label %62, label %15 %16 = getelementptr inbounds %struct.sigevent, %struct.sigevent* %1, i64 0, i32 2 %17 = load i32, i32* %16, align 4 %18 = icmp ult i32 %17, 3 br i1 %18, label %19, label %200 switch i32 %17, label %62 [ i32 0, label %20 i32 2, label %24 ] %63 = phi %struct.sk_buff.245212* [ null, %13 ], [ %26, %56 ], [ null, %20 ], [ null, %19 ] %64 = phi %struct.sock.245448* [ null, %13 ], [ %45, %56 ], [ null, %20 ], [ null, %19 ] %65 = call i64 @__fdget(i32 %0) #69 %66 = and i64 %65, -4 %67 = inttoptr i64 %66 to %struct.file.245414* %68 = icmp eq i64 %66, 0 br i1 %68, label %191, label %69 %70 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 2 %71 = load %struct.inode.245632*, %struct.inode.245632** %70, align 8 %72 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %67, i64 0, i32 3 %73 = load %struct.file_operations.245405*, %struct.file_operations.245405** %72, align 8 %74 = icmp eq %struct.file_operations.245405* %73, @mqueue_file_operations br i1 %74, label %75, label %184, !prof !7, !misexpect !6 %76 = getelementptr %struct.inode.245632, %struct.inode.245632* %71, i64 -1, i32 47 %77 = bitcast i8** %76 to %struct.mqueue_inode_info* %78 = bitcast i8** %76 to %struct.raw_spinlock* call void @_raw_spin_lock(%struct.raw_spinlock* %78) #69 %79 = getelementptr inbounds i8*, i8** %76, i64 94 %80 = bitcast i8** %79 to %struct.pid.245407** %81 = load %struct.pid.245407*, %struct.pid.245407** %80, align 8 br i1 %14, label %82, label %120 %83 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %4, i64 0, i32 87 %84 = load %struct.signal_struct.245698*, %struct.signal_struct.245698** %83, align 8 %85 = getelementptr %struct.signal_struct.245698, %struct.signal_struct.245698* %84, i64 0, i32 21, i64 1 %86 = load %struct.pid.245407*, %struct.pid.245407** %85, align 8 %87 = icmp eq %struct.pid.245407* %81, %86 br i1 %87, label %88, label %179 %89 = icmp eq %struct.pid.245407* %81, null br i1 %89, label %107, label %90 %91 = getelementptr inbounds %struct.mqueue_inode_info, %struct.mqueue_inode_info* %77, i64 0, i32 7, i32 2 %92 = load i32, i32* %91, align 4 %93 = icmp eq i32 %92, 2 br i1 %93, label %94, label %107 %95 = getelementptr inbounds i8*, i8** %76, i64 99 %96 = bitcast i8** %95 to %struct.sk_buff.245212** %97 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %98 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %97, i64 0, i32 41 %99 = load i8*, i8** %98, align 8 %100 = getelementptr i8, i8* %99, i64 31 store i8 2, i8* %100, align 1 %101 = getelementptr inbounds i8*, i8** %76, i64 98 %102 = bitcast i8** %101 to %struct.sock.245448** %103 = load %struct.sock.245448*, %struct.sock.245448** %102, align 8 %104 = load %struct.sk_buff.245212*, %struct.sk_buff.245212** %96, align 8 %105 = call i32 @netlink_sendskb(%struct.sock.245448* %103, %struct.sk_buff.245212* %104) #69 Function:netlink_sendskb %3 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 6 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %0, i64 0, i32 0, i32 9, i32 0 %6 = load %struct.net.245522*, %struct.net.245522** %5, align 8 tail call fastcc void @netlink_deliver_tap(%struct.net.245522* %6, %struct.sk_buff.245212* %1) #69 Function:netlink_deliver_tap %3 = load i32, i32* @netlink_tap_net_id, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = getelementptr inbounds %struct.net.245522, %struct.net.245522* %0, i64 0, i32 43 %5 = bitcast %struct.net_generic** %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to [0 x i8*]* %8 = zext i32 %3 to i64 %9 = getelementptr [0 x i8*], [0 x i8*]* %7, i64 0, i64 %8 %10 = load i8*, i8** %9, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = bitcast i8* %10 to %struct.list_head* %12 = bitcast i8* %10 to i64* %13 = load volatile i64, i64* %12, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %14, %11 br i1 %15, label %124, label %16, !prof !6, !misexpect !7 %17 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 1, i32 0 %18 = load %struct.sock.245448*, %struct.sock.245448** %17, align 8 %19 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %18, i64 0, i32 44 %20 = load i32, i32* %19, align 8 %21 = lshr i32 %20, 8 %22 = trunc i32 %21 to i8 switch i8 %22, label %124 [ i8 0, label %23 i8 2, label %23 i8 4, label %23 i8 5, label %23 i8 6, label %23 i8 10, label %23 i8 12, label %23 i8 16, label %23 ] %24 = load volatile i64, i64* %12, align 8 %25 = inttoptr i64 %24 to %struct.list_head* %26 = icmp eq %struct.list_head* %11, %25 br i1 %26, label %124, label %27 %28 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 40 %29 = bitcast i8** %28 to i64* %30 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 39 %31 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 12 %32 = bitcast i8* %31 to i32* %33 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 16 %34 = bitcast i8* %33 to i32* %35 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 3, i64 0 %36 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %1, i64 0, i32 41 br label %37 %38 = phi %struct.sock.245448* [ %18, %27 ], [ %123, %122 ] %39 = phi i64 [ %24, %27 ], [ %119, %122 ] %40 = inttoptr i64 %39 to i8* %41 = getelementptr i8, i8* %40, i64 -16 %42 = bitcast i8* %41 to %struct.net_device.245351** %43 = load %struct.net_device.245351*, %struct.net_device.245351** %42, align 8 %44 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 107, i32 0 %45 = load %struct.net.245522*, %struct.net.245522** %44, align 8 %46 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 0, i32 9, i32 0 %47 = load %struct.net.245522*, %struct.net.245522** %46, align 8 %48 = icmp eq %struct.net.245522* %45, %47 br i1 %48, label %49, label %117 %50 = icmp eq %struct.net_device.245351* %43, null br i1 %50, label %54, label %51 %52 = getelementptr inbounds %struct.net_device.245351, %struct.net_device.245351* %43, i64 0, i32 98 %53 = load i32*, i32** %52, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* %53, i32* %53) #6, !srcloc !8 br label %54 %55 = load i64, i64* %29, align 8 %56 = load i64, i64* @vmalloc_base, align 8 %57 = icmp ule i64 %56, %55 %58 = add i64 %56, 35184372088831 %59 = icmp ugt i64 %58, %55 %60 = and i1 %57, %59 br i1 %60, label %61, label %76 %77 = tail call %struct.sk_buff.245212* bitcast (%struct.sk_buff.647384* (%struct.sk_buff.647384*, i32)* @skb_clone to %struct.sk_buff.245212* (%struct.sk_buff.245212*, i32)*)(%struct.sk_buff.245212* %1, i32 2592) #69 %78 = icmp eq %struct.sk_buff.245212* %77, null br i1 %78, label %110, label %79 %80 = phi %struct.sk_buff.245212* [ %63, %65 ], [ %77, %76 ] %81 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 0, i32 0, i32 2, i32 0 store %struct.net_device.245351* %43, %struct.net_device.245351** %81, align 8 %82 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 0, i32 44 %83 = load i32, i32* %82, align 8 %84 = trunc i32 %83 to i16 %85 = and i16 %84, -256 %86 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 33 store i16 %85, i16* %86, align 8 %87 = getelementptr inbounds %struct.sock.245448, %struct.sock.245448* %38, i64 1, i32 0, i32 2, i32 0 %88 = load i32, i32* %87, align 4 %89 = and i32 %88, 1 %90 = icmp eq i32 %89, 0 %91 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 16 %92 = select i1 %90, i16 6, i16 7 %93 = load i16, i16* %91, align 8 %94 = and i16 %93, -8 %95 = or i16 %92, %94 store i16 %95, i16* %91, align 8 %96 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 41 %97 = bitcast i8** %96 to i64* %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 40 %100 = bitcast i8** %99 to i64* %101 = load i64, i64* %100, align 8 %102 = sub i64 %98, %101 %103 = trunc i64 %102 to i16 %104 = getelementptr inbounds %struct.sk_buff.245212, %struct.sk_buff.245212* %80, i64 0, i32 35 store i16 %103, i16* %104, align 4 %105 = tail call i32 bitcast (i32 (%struct.sk_buff.653931*)* @dev_queue_xmit to i32 (%struct.sk_buff.245212*)*)(%struct.sk_buff.245212* nonnull %80) #69 Function:dev_queue_xmit %2 = tail call fastcc i32 @__dev_queue_xmit(%struct.sk_buff.653931* %0, %struct.net_device.653918* null) #69 Function:__dev_queue_xmit %3 = alloca i64, align 8 %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = alloca %struct.sk_buff.653931*, align 8 %7 = alloca %struct.tcphdr, align 4 %8 = alloca %struct.winsize, align 2 %9 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.653918*, %struct.net_device.653918** %9, align 8 %11 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 41 %12 = bitcast i8** %11 to i64* %13 = load i64, i64* %12, align 8 %14 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 40 %15 = bitcast i8** %14 to i64* %16 = load i64, i64* %15, align 8 %17 = sub i64 %13, %16 %18 = trunc i64 %17 to i16 %19 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 36 store i16 %18, i16* %19, align 2 %20 = inttoptr i64 %16 to i8* %21 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 39 %22 = load i32, i32* %21, align 4 %23 = zext i32 %22 to i64 %24 = getelementptr i8, i8* %20, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 3 %26 = load i8, i8* %25, align 1 %27 = and i8 %26, 64 %28 = icmp eq i8 %27, 0 br i1 %28, label %32, label %29, !prof !4, !misexpect !5 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %33 = load i8*, i8** %14, align 8 %34 = load i32, i32* %21, align 4 %35 = zext i32 %34 to i64 %36 = getelementptr i8, i8* %33, i64 %35 %37 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 6 %38 = load i32, i32* %37, align 8 %39 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 3, i64 0 %40 = bitcast i8* %39 to i32* store i32 %38, i32* %40, align 4 %41 = getelementptr inbounds i8, i8* %36, i64 4 %42 = bitcast i8* %41 to i16* %43 = load i16, i16* %42, align 4 %44 = icmp eq i16 %43, 0 br i1 %44, label %144, label %45 %145 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 18 %146 = load i16, i16* %145, align 2 %147 = and i16 %146, -4097 store i16 %147, i16* %145, align 2 %148 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %10, i64 0, i32 35 %149 = load i32, i32* %148, align 4 %150 = and i32 %149, 32 %151 = icmp eq i32 %150, 0 %152 = getelementptr inbounds %struct.sk_buff.653931, %struct.sk_buff.653931* %0, i64 0, i32 4, i32 0, i32 0 %153 = load i64, i64* %152, align 8 br i1 %151, label %163, label %154 %155 = icmp eq i64 %153, 0 br i1 %155, label %187, label %156 %157 = and i64 %153, 1 %158 = icmp eq i64 %157, 0 br i1 %158, label %159, label %162 %160 = and i64 %153, -2 %161 = inttoptr i64 %160 to %struct.dst_entry.653706* call void bitcast (void (%struct.dst_entry.655458*)* @dst_release to void (%struct.dst_entry.653706*)*)(%struct.dst_entry.653706* %161) #69 ------------- Good: 955 Bad: 18 Ignored: 2835 Check Use of Function:xt_compat_check_entry_offsets Check Use of Function:__netlink_dump_start Check Use of Function:rescan_partitions Check Use of Function:is_subdir Check Use of Function:sr_reset Check Use of Function:dev_valid_name Check Use of Function:max_swapfile_size Check Use of Function:__printk_ratelimit Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_status_user_compat 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %580, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.628966*, %struct.snd_pcm_substream.628966** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.628966* %16, null br i1 %17, label %580, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %580 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %398 i32 1074544976, label %508 i32 -2146680495, label %512 i32 1074544978, label %516 i32 -2146680493, label %520 i32 -2147204831, label %524 i32 1074020678, label %538 i32 1074020681, label %559 ] %206 = inttoptr i64 %8 to %struct.snd_pcm_status32* %207 = tail call fastcc i32 @snd_pcm_status_user_compat(%struct.snd_pcm_substream.628966* nonnull %16, %struct.snd_pcm_status32* %206, i1 zeroext true) #69 Function:snd_pcm_status_user_compat %4 = alloca %struct.snd_pcm_status, align 8 %5 = bitcast %struct.snd_pcm_status* %4 to i8* br i1 %2, label %6, label %18 %8 = getelementptr inbounds %struct.snd_pcm_status32, %struct.snd_pcm_status32* %1, i64 0, i32 10 %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %7) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = trunc i64 %11 to i32 %15 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %4, i64 0, i32 10 store i32 %14, i32* %15, align 4 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %114, !prof !5, !misexpect !6 %19 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.628966* %0, %struct.snd_pcm_status* nonnull %4) #69 Function:snd_pcm_status %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.628951*, %struct.snd_pcm.628951** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.628951, %struct.snd_pcm.628951* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 %14 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 1 %57 = bitcast %struct.anon.54* %55 to i8* %58 = bitcast %struct.anon.54* %56 to i8* %59 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.629321*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.628966*)*)(%struct.snd_pcm_substream.628966* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.629321* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.629316*, %struct.snd_pcm_runtime.629316** %12, align 8 %14 = bitcast %struct.anon.54* %9 to i8* %15 = bitcast %struct.anon.54* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.629321*)*, i64 (%struct.snd_pcm_substream.629321*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.629321* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.54* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_pcm_update_hw_ptr0 1 snd_pcm_update_hw_ptr 2 snd_pcm_status 3 snd_pcm_status_user_compat 4 snd_pcm_ioctl_compat ------------- Path:  Function:snd_pcm_ioctl_compat %4 = alloca i64, align 8 %5 = alloca %struct.agp_allocate, align 8 %6 = alloca %struct.snd_pcm_mmap_status, align 8 %7 = alloca %struct.snd_pcm_sw_params, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_pcm_file** %12 = load %struct.snd_pcm_file*, %struct.snd_pcm_file** %11, align 8 %13 = icmp eq %struct.snd_pcm_file* %12, null br i1 %13, label %580, label %14 %15 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 0 %16 = load %struct.snd_pcm_substream.628966*, %struct.snd_pcm_substream.628966** %15, align 8 %17 = icmp eq %struct.snd_pcm_substream.628966* %16, null br i1 %17, label %580, label %18 %19 = getelementptr inbounds %struct.snd_pcm_file, %struct.snd_pcm_file* %12, i64 0, i32 1 store i32 1, i32* %19, align 8 switch i32 %1, label %580 [ i32 -2147204864, label %20 i32 -2128592639, label %20 i32 1074020610, label %20 i32 1074020611, label %20 i32 1074020612, label %20 i32 16674, label %20 i32 16704, label %20 i32 16705, label %20 i32 16706, label %20 i32 16707, label %20 i32 16708, label %20 i32 1074020677, label %20 i32 16658, label %20 i32 16711, label %20 i32 16712, label %20 i32 1074020704, label %20 i32 16737, label %20 i32 -1034141424, label %23 i32 -1034141423, label %27 i32 -1066909421, label %31 i32 -2140389088, label %201 i32 -1066647260, label %205 i32 -1065074397, label %209 i32 -2146418382, label %398 i32 1074544976, label %508 i32 -2146680495, label %512 i32 1074544978, label %516 i32 -2146680493, label %520 i32 -2147204831, label %524 i32 1074020678, label %538 i32 1074020681, label %559 ] %206 = inttoptr i64 %8 to %struct.snd_pcm_status32* %207 = tail call fastcc i32 @snd_pcm_status_user_compat(%struct.snd_pcm_substream.628966* nonnull %16, %struct.snd_pcm_status32* %206, i1 zeroext true) #69 Function:snd_pcm_status_user_compat %4 = alloca %struct.snd_pcm_status, align 8 %5 = bitcast %struct.snd_pcm_status* %4 to i8* br i1 %2, label %6, label %18 %8 = getelementptr inbounds %struct.snd_pcm_status32, %struct.snd_pcm_status32* %1, i64 0, i32 10 %9 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %8, i64 4, i64 %7) #6, !srcloc !4 %10 = extractvalue { i32*, i64, i64 } %9, 0 %11 = extractvalue { i32*, i64, i64 } %9, 1 %12 = extractvalue { i32*, i64, i64 } %9, 2 %13 = ptrtoint i32* %10 to i64 %14 = trunc i64 %11 to i32 %15 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %4, i64 0, i32 10 store i32 %14, i32* %15, align 4 %16 = and i64 %13, 4294967295 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %114, !prof !5, !misexpect !6 %19 = call i32 @snd_pcm_status(%struct.snd_pcm_substream.628966* %0, %struct.snd_pcm_status* nonnull %4) #69 Function:snd_pcm_status %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 11 %7 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %8 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 0 %9 = load %struct.snd_pcm.628951*, %struct.snd_pcm.628951** %8, align 8 %10 = getelementptr inbounds %struct.snd_pcm.628951, %struct.snd_pcm.628951* %9, i64 0, i32 14 %11 = load i8, i8* %10, align 1, !range !4 %12 = icmp eq i8 %11, 0 br i1 %12, label %15, label %13 %14 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 17, i32 1 tail call void @mutex_lock(%struct.mutex* %14) #69 br label %17 %18 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 10 %19 = load i32, i32* %18, align 4 %20 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 55, i32 0 %21 = trunc i32 %19 to i8 %22 = load i8, i8* %20, align 4 %23 = and i8 %22, -32 %24 = and i8 %21, 31 %25 = or i8 %24, %23 store i8 %25, i8* %20, align 4 %26 = and i8 %21, 15 %27 = icmp eq i8 %26, 0 br i1 %27, label %28, label %39 %40 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 56, i32 0 %41 = load i8, i8* %40, align 4 %42 = or i8 %41, 1 store i8 %42, i8* %40, align 4 br label %43 %44 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 37 %45 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %46 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %45, i64 0, i32 0 %47 = load i32, i32* %46, align 8 %48 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 0 store i32 %47, i32* %48, align 8 %49 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %44, align 8 %50 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %49, i64 0, i32 4 %51 = load i32, i32* %50, align 8 %52 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 9 store i32 %51, i32* %52, align 8 %53 = icmp eq i32 %47, 0 br i1 %53, label %243, label %54 %55 = getelementptr inbounds %struct.snd_pcm_status, %struct.snd_pcm_status* %1, i64 0, i32 1 %56 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %7, i64 0, i32 1 %57 = bitcast %struct.anon.54* %55 to i8* %58 = bitcast %struct.anon.54* %56 to i8* %59 = load %struct.snd_pcm_runtime.628961*, %struct.snd_pcm_runtime.628961** %6, align 8 %60 = getelementptr inbounds %struct.snd_pcm_runtime.628961, %struct.snd_pcm_runtime.628961* %59, i64 0, i32 37 %61 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %60, align 8 %62 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %61, i64 0, i32 0 %63 = load i32, i32* %62, align 8 switch i32 %63, label %102 [ i32 3, label %68 i32 5, label %64 ] %65 = getelementptr inbounds %struct.snd_pcm_substream.628966, %struct.snd_pcm_substream.628966* %0, i64 0, i32 5 %66 = load i32, i32* %65, align 4 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %102 %69 = tail call i32 bitcast (i32 (%struct.snd_pcm_substream.629321*)* @snd_pcm_update_hw_ptr to i32 (%struct.snd_pcm_substream.628966*)*)(%struct.snd_pcm_substream.628966* %0) #69 Function:snd_pcm_update_hw_ptr %2 = tail call fastcc i32 @snd_pcm_update_hw_ptr0(%struct.snd_pcm_substream.629321* %0, i32 0) #69 Function:snd_pcm_update_hw_ptr0 %3 = alloca %struct.anon.54, align 8 %4 = alloca %struct.anon.54, align 8 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.anon.54, align 8 %10 = alloca %struct.anon.54, align 8 %11 = alloca [16 x i8], align 16 %12 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 11 %13 = load %struct.snd_pcm_runtime.629316*, %struct.snd_pcm_runtime.629316** %12, align 8 %14 = bitcast %struct.anon.54* %9 to i8* %15 = bitcast %struct.anon.54* %10 to i8* %16 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 37 %17 = load %struct.snd_pcm_mmap_status*, %struct.snd_pcm_mmap_status** %16, align 8 %18 = getelementptr inbounds %struct.snd_pcm_mmap_status, %struct.snd_pcm_mmap_status* %17, i64 0, i32 2 %19 = load i64, i64* %18, align 8 %20 = getelementptr inbounds %struct.snd_pcm_substream.629321, %struct.snd_pcm_substream.629321* %0, i64 0, i32 10 %21 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %22 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %21, i64 0, i32 7 %23 = load i64 (%struct.snd_pcm_substream.629321*)*, i64 (%struct.snd_pcm_substream.629321*)** %22, align 8 %24 = tail call i64 %23(%struct.snd_pcm_substream.629321* %0) #69 %25 = load volatile i64, i64* @jiffies, align 64 %26 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 27 %27 = load i32, i32* %26, align 8 %28 = icmp eq i32 %27, 1 br i1 %28, label %29, label %101 %30 = load %struct.snd_pcm_ops.629311*, %struct.snd_pcm_ops.629311** %20, align 8 %31 = getelementptr inbounds %struct.snd_pcm_ops.629311, %struct.snd_pcm_ops.629311* %30, i64 0, i32 8 %32 = load i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)*, i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)** %31, align 8 %33 = icmp eq i32 (%struct.snd_pcm_substream.629321*, %struct.anon.54*, %struct.anon.54*, %struct.cdrom_slot*, %struct.pci_devres*)* %32, null br i1 %33, label %74, label %34 %35 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 55 %36 = getelementptr %struct.cdrom_slot, %struct.cdrom_slot* %35, i64 0, i32 0 %37 = load i8, i8* %36, align 8 %38 = and i8 %37, 15 %39 = icmp eq i8 %38, 1 br i1 %39, label %74, label %40 %75 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 50 %76 = load i32, i32* %75, align 4 switch i32 %76, label %93 [ i32 1, label %77 i32 2, label %85 ] %94 = bitcast %struct.anon.54* %3 to i8* call void @ktime_get_real_ts64(%struct.anon.54* nonnull %3) #69 %95 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %96 = load i64, i64* %95, align 8 %97 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %98 = load i64, i64* %97, align 8 %99 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 0 store i64 %96, i64* %99, align 8 %100 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %9, i64 0, i32 1 store i64 %98, i64* %100, align 8 br label %101 %102 = icmp eq i64 %24, -1 br i1 %102, label %103, label %104 %105 = getelementptr inbounds %struct.snd_pcm_runtime.629316, %struct.snd_pcm_runtime.629316* %13, i64 0, i32 18 %106 = load i64, i64* %105, align 8 %107 = icmp ult i64 %24, %106 br i1 %107, label %122, label %108 %109 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([23 x i8], [23 x i8]* @__func__.snd_pcm_update_hw_ptr0, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %7 = load %struct.inode.251157*, %struct.inode.251157** %6, align 8 %8 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %7, i64 0, i32 8 %9 = load %struct.super_block.251140*, %struct.super_block.251140** %8, align 8 %10 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 32 %13 = bitcast i32* %5 to i8* %14 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %14, i64 0, i32 78 %16 = load %struct.cred*, %struct.cred** %15, align 64 %17 = getelementptr inbounds %struct.cred, %struct.cred* %16, i64 0, i32 20 %18 = load i8*, i8** %17, align 8 %19 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %20 = sext i32 %19 to i64 %21 = getelementptr i8, i8* %18, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 4 %23 = bitcast i8* %22 to i32* %24 = load i32, i32* %23, align 4 %25 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %24, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %32 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.context_struct_compute_av, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %8, i64 0, i32 78 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = getelementptr inbounds %struct.cred, %struct.cred* %10, i64 0, i32 20 %12 = load i8*, i8** %11, align 8 %13 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %14 = sext i32 %13 to i64 %15 = getelementptr i8, i8* %12, i64 %14 %16 = getelementptr inbounds i8, i8* %15, i64 4 %17 = bitcast i8* %16 to i32* %18 = load i32, i32* %17, align 4 %19 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %18, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %32 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.context_struct_compute_av, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %7 = load %struct.inode.251157*, %struct.inode.251157** %6, align 8 %8 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %7, i64 0, i32 8 %9 = load %struct.super_block.251140*, %struct.super_block.251140** %8, align 8 %10 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 32 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 10 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %16, i64 0, i32 78 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %32 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.context_struct_compute_av, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 context_struct_compute_av 1 security_compute_av 2 avc_compute_av 3 avc_has_perm_noaudit 4 avc_has_perm 5 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %10 = load %struct.inode.251157*, %struct.inode.251157** %9, align 8 %11 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %10, i64 0, i32 8 %12 = load %struct.super_block.251140*, %struct.super_block.251140** %11, align 8 %13 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 32 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 10 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %23 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %22, i64 0, i32 78 %24 = load %struct.cred*, %struct.cred** %23, align 64 %25 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 20 %26 = load i8*, i8** %25, align 8 %27 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %28 = sext i32 %27 to i64 %29 = getelementptr i8, i8* %26, i64 %28 %30 = getelementptr inbounds i8, i8* %29, i64 4 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %32, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %32 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.context_struct_compute_av, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 audit_log_start 1 audit_set_loginuid 2 proc_loginuid_write ------------- Path:  Function:proc_loginuid_write %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 2 %7 = load %struct.inode.162701*, %struct.inode.162701** %6, align 8 %8 = bitcast i32* %5 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = tail call %struct.task_struct.162579* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.162579** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.162579**)) #10, !srcloc !5 %10 = getelementptr %struct.inode.162701, %struct.inode.162701* %7, i64 -1, i32 41, i32 13 %11 = bitcast %struct.list_head* %10 to %struct.pid.162375** %12 = load %struct.pid.162375*, %struct.pid.162375** %11, align 8 %13 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %12, i32 0) #69 %14 = icmp eq %struct.task_struct.162579* %9, %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br i1 %14, label %15, label %29 %16 = load i64, i64* %3, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %29 %19 = call i32 @kstrtouint_from_user(i8* %1, i64 %2, i32 10, i32* nonnull %5) #69 %20 = icmp slt i32 %19, 0 br i1 %20, label %21, label %23 %24 = load i32, i32* %5, align 4 %25 = call i32 @audit_set_loginuid(i32 %24) #69 Function:audit_set_loginuid %2 = tail call %struct.task_struct.91394* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91394**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.91394, %struct.task_struct.91394* %2, i64 0, i32 98, i32 0 %4 = load i32, i32* %3, align 64 %5 = getelementptr inbounds %struct.task_struct.91394, %struct.task_struct.91394* %2, i64 0, i32 99 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, -1 br i1 %7, label %20, label %8 %9 = load i32, i32* getelementptr inbounds (%struct.ist_info, %struct.ist_info* @af, i64 0, i32 2), align 4 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %31 %13 = tail call zeroext i1 @capable(i32 30) #69 br i1 %13, label %14, label %31 %32 = phi i32 [ 0, %14 ], [ 1, %29 ], [ 0, %8 ], [ 0, %12 ] %33 = phi i32 [ -1, %14 ], [ 0, %29 ], [ -1, %8 ], [ -1, %12 ] %34 = phi i32 [ -1, %14 ], [ %30, %29 ], [ -1, %8 ], [ -1, %12 ] %35 = load i32, i32* @audit_enabled, align 4 %36 = icmp eq i32 %35, 0 br i1 %36, label %58, label %37 %38 = getelementptr inbounds %struct.task_struct.91394, %struct.task_struct.91394* %2, i64 0, i32 97 %39 = load %struct.audit_context*, %struct.audit_context** %38, align 8 %40 = tail call %struct.audit_buffer* @audit_log_start(%struct.audit_context* %39, i32 3264, i32 1006) #69 Function:audit_log_start %4 = alloca %struct.anon.54, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.wait_queue_entry, align 8 %7 = alloca i64, align 8 %8 = bitcast %struct.anon.54* %4 to i8* %9 = bitcast i32* %5 to i8* %10 = load i32, i32* @audit_initialized, align 4 %11 = icmp eq i32 %10, 1 br i1 %11, label %12, label %141 %13 = tail call i32 @audit_filter(i32 %2, i32 5) #69 %14 = icmp eq i32 %13, 0 br i1 %14, label %141, label %15, !prof !4, !misexpect !5 %16 = tail call %struct.task_struct.91394* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.91394** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.91394**)) #10, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %17 = load volatile i64, i64* bitcast (%struct.auditd_connection** @auditd_conn to i64*), align 8 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %20 %21 = inttoptr i64 %17 to %struct.auditd_connection* %22 = getelementptr inbounds %struct.auditd_connection, %struct.auditd_connection* %21, i64 0, i32 0 %23 = load %struct.pid.91398*, %struct.pid.91398** %22, align 8 %24 = getelementptr inbounds %struct.task_struct.91394, %struct.task_struct.91394* %16, i64 0, i32 87 %25 = load %struct.signal_struct.91357*, %struct.signal_struct.91357** %24, align 8 %26 = getelementptr %struct.signal_struct.91357, %struct.signal_struct.91357* %25, i64 0, i32 21, i64 1 %27 = load %struct.pid.91398*, %struct.pid.91398** %26, align 8 %28 = icmp eq %struct.pid.91398* %23, %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %28, label %91, label %29 %30 = load %struct.task_struct.91394*, %struct.task_struct.91394** bitcast (i8** getelementptr inbounds (%struct.audit_ctl_mutex, %struct.audit_ctl_mutex* @audit_cmd_mutex, i64 0, i32 1) to %struct.task_struct.91394**), align 8 %31 = icmp eq %struct.task_struct.91394* %16, %30 br i1 %31, label %91, label %32 %33 = load i32, i32* @audit_backlog_limit, align 4 %34 = icmp ne i32 %33, 0 %35 = load i32, i32* getelementptr inbounds (%struct.sk_buff_head.90915, %struct.sk_buff_head.90915* @audit_queue, i64 0, i32 2), align 8 %36 = icmp ugt i32 %35, %33 %37 = and i1 %34, %36 br i1 %37, label %38, label %91 %39 = load i32, i32* @audit_backlog_wait_time, align 4 %40 = zext i32 %39 to i64 %41 = and i32 %1, 1024 %42 = icmp ne i32 %41, 0 %43 = bitcast %struct.wait_queue_entry* %6 to i8* %44 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %6, i64 0, i32 0 %45 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %6, i64 0, i32 1 %46 = bitcast i8** %45 to %struct.task_struct.91394** %47 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %6, i64 0, i32 2 %48 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %6, i64 0, i32 3, i32 0 %49 = getelementptr inbounds %struct.task_struct.91394, %struct.task_struct.91394* %16, i64 0, i32 1 %50 = bitcast %struct.list_head** %48 to i8* %51 = bitcast i64* %7 to i8* br label %52 %53 = phi i64 [ %40, %38 ], [ %60, %56 ] call void @__wake_up(%struct.wait_queue_head* nonnull @kauditd_wait, i32 1, i32 1, i8* null) #69 %54 = icmp sgt i64 %53, 0 %55 = and i1 %42, %54 br i1 %55, label %56, label %66 %67 = load i32, i32* @audit_rate_limit, align 4 %68 = icmp eq i32 %67, 0 br i1 %68, label %83, label %69 %84 = call i32 @__printk_ratelimit(i8* getelementptr inbounds ([16 x i8], [16 x i8]* @__func__.audit_log_start, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 signal_fault 1 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sysctl 1 __ia32_compat_sys_sysctl ------------- Path:  Function:__ia32_compat_sys_sysctl %2 = alloca %struct.compat_sysctl_args, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.compat_sysctl_args* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 40) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %51 %11 = getelementptr inbounds %struct.compat_sysctl_args, %struct.compat_sysctl_args* %2, i64 0, i32 2 %12 = load i32, i32* %11, align 4 %13 = icmp eq i32 %12, 0 %14 = getelementptr inbounds %struct.compat_sysctl_args, %struct.compat_sysctl_args* %2, i64 0, i32 3 %15 = load i32, i32* %14, align 4 br i1 %13, label %21, label %16 %22 = zext i32 %15 to i64 %23 = inttoptr i64 %22 to i32* %24 = icmp eq i32 %15, 0 br i1 %24, label %36, label %25 %26 = phi i32* [ %20, %18 ], [ %23, %21 ] %28 = call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %26, i64 4, i64 %27) #6, !srcloc !4 %29 = extractvalue { i32*, i64, i64 } %28, 0 %30 = extractvalue { i32*, i64, i64 } %28, 1 %31 = extractvalue { i32*, i64, i64 } %28, 2 %32 = ptrtoint i32* %29 to i64 %33 = trunc i64 %30 to i32 %34 = and i64 %32, 4294967295 %35 = icmp eq i64 %34, 0 br i1 %35, label %36, label %51, !prof !5, !misexpect !6 %37 = phi i1 [ false, %25 ], [ true, %21 ] %38 = phi i32* [ %26, %25 ], [ %23, %21 ] %39 = phi i32 [ %33, %25 ], [ 0, %21 ] %40 = getelementptr inbounds %struct.compat_sysctl_args, %struct.compat_sysctl_args* %2, i64 0, i32 0 %41 = load i32, i32* %40, align 4 %42 = zext i32 %41 to i64 %43 = inttoptr i64 %42 to i32* %44 = getelementptr inbounds %struct.compat_sysctl_args, %struct.compat_sysctl_args* %2, i64 0, i32 1 %45 = load i32, i32* %44, align 4 %46 = call fastcc i64 @do_sysctl(i32* %43, i32 %45) #69 Function:do_sysctl %3 = alloca [10 x i32], align 16 %4 = bitcast [10 x i32]* %3 to i8* %5 = icmp ugt i32 %1, 10 br i1 %5, label %122, label %6 %7 = icmp eq i32 %1, 0 br i1 %7, label %8, label %10 %9 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 0 br label %86 %87 = phi i1 [ false, %30 ], [ %32, %82 ], [ false, %8 ] %88 = phi i32* [ %31, %30 ], [ %31, %82 ], [ %9, %8 ] %89 = phi i64 [ 197, %30 ], [ %85, %82 ], [ 197, %8 ] %90 = tail call i8 asm " btsq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([4 x i64], [4 x i64]* @warn_once_bitmap, i64 0, i64 0), i64 %89) #6, !srcloc !9 %91 = and i8 %90, 1 %92 = icmp eq i8 %91, 0 br i1 %92, label %93, label %122 %94 = icmp sgt i32 %1, 1 %95 = load i32, i32* %88, align 16 %96 = icmp eq i32 %95, 1 %97 = and i1 %94, %96 br i1 %97, label %98, label %102 %99 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 1 %100 = load i32, i32* %99, align 4 %101 = icmp eq i32 %100, 4 br i1 %101, label %122, label %102 %103 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.deprecated_sysctl_warning, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sysctl 1 __ia32_sys_sysctl ------------- Path:  Function:__ia32_sys_sysctl %2 = alloca %struct.__sysctl_args, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = bitcast %struct.__sysctl_args* %2 to i8* %7 = inttoptr i64 %5 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 80) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %42 %11 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 2 %12 = load i8*, i8** %11, align 8 %13 = icmp eq i8* %12, null %14 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 3 %15 = load i64*, i64** %14, align 8 %16 = icmp eq i64* %15, null br i1 %13, label %18, label %17 br i1 %16, label %28, label %19 %21 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* nonnull %15, i64 8, i64 %20) #6, !srcloc !4 %22 = extractvalue { i64*, i64, i64 } %21, 0 %23 = extractvalue { i64*, i64, i64 } %21, 1 %24 = extractvalue { i64*, i64, i64 } %21, 2 %25 = ptrtoint i64* %22 to i64 %26 = and i64 %25, 4294967295 %27 = icmp eq i64 %26, 0 br i1 %27, label %28, label %42, !prof !5, !misexpect !6 %29 = phi i64 [ %23, %19 ], [ 0, %18 ] %30 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 0 %31 = load i32*, i32** %30, align 8 %32 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 1 %33 = load i32, i32* %32, align 8 %34 = call fastcc i64 @do_sysctl(i32* %31, i32 %33) #69 Function:do_sysctl %3 = alloca [10 x i32], align 16 %4 = bitcast [10 x i32]* %3 to i8* %5 = icmp ugt i32 %1, 10 br i1 %5, label %122, label %6 %7 = icmp eq i32 %1, 0 br i1 %7, label %8, label %10 %9 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 0 br label %86 %87 = phi i1 [ false, %30 ], [ %32, %82 ], [ false, %8 ] %88 = phi i32* [ %31, %30 ], [ %31, %82 ], [ %9, %8 ] %89 = phi i64 [ 197, %30 ], [ %85, %82 ], [ 197, %8 ] %90 = tail call i8 asm " btsq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([4 x i64], [4 x i64]* @warn_once_bitmap, i64 0, i64 0), i64 %89) #6, !srcloc !9 %91 = and i8 %90, 1 %92 = icmp eq i8 %91, 0 br i1 %92, label %93, label %122 %94 = icmp sgt i32 %1, 1 %95 = load i32, i32* %88, align 16 %96 = icmp eq i32 %95, 1 %97 = and i1 %94, %96 br i1 %97, label %98, label %102 %99 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 1 %100 = load i32, i32* %99, align 4 %101 = icmp eq i32 %100, 4 br i1 %101, label %122, label %102 %103 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.deprecated_sysctl_warning, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sysctl 1 __x64_sys_sysctl ------------- Path:  Function:__x64_sys_sysctl %2 = alloca %struct.__sysctl_args, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = bitcast %struct.__sysctl_args* %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %5, i64 80) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %41 %10 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 2 %11 = load i8*, i8** %10, align 8 %12 = icmp eq i8* %11, null %13 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 3 %14 = load i64*, i64** %13, align 8 %15 = icmp eq i64* %14, null br i1 %12, label %17, label %16 br i1 %15, label %27, label %18 %20 = call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* nonnull %14, i64 8, i64 %19) #6, !srcloc !4 %21 = extractvalue { i64*, i64, i64 } %20, 0 %22 = extractvalue { i64*, i64, i64 } %20, 1 %23 = extractvalue { i64*, i64, i64 } %20, 2 %24 = ptrtoint i64* %21 to i64 %25 = and i64 %24, 4294967295 %26 = icmp eq i64 %25, 0 br i1 %26, label %27, label %41, !prof !5, !misexpect !6 %28 = phi i64 [ %22, %18 ], [ 0, %17 ] %29 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 0 %30 = load i32*, i32** %29, align 8 %31 = getelementptr inbounds %struct.__sysctl_args, %struct.__sysctl_args* %2, i64 0, i32 1 %32 = load i32, i32* %31, align 8 %33 = call fastcc i64 @do_sysctl(i32* %30, i32 %32) #69 Function:do_sysctl %3 = alloca [10 x i32], align 16 %4 = bitcast [10 x i32]* %3 to i8* %5 = icmp ugt i32 %1, 10 br i1 %5, label %122, label %6 %7 = icmp eq i32 %1, 0 br i1 %7, label %8, label %10 %9 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 0 br label %86 %87 = phi i1 [ false, %30 ], [ %32, %82 ], [ false, %8 ] %88 = phi i32* [ %31, %30 ], [ %31, %82 ], [ %9, %8 ] %89 = phi i64 [ 197, %30 ], [ %85, %82 ], [ 197, %8 ] %90 = tail call i8 asm " btsq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds ([4 x i64], [4 x i64]* @warn_once_bitmap, i64 0, i64 0), i64 %89) #6, !srcloc !9 %91 = and i8 %90, 1 %92 = icmp eq i8 %91, 0 br i1 %92, label %93, label %122 %94 = icmp sgt i32 %1, 1 %95 = load i32, i32* %88, align 16 %96 = icmp eq i32 %95, 1 %97 = and i1 %94, %96 br i1 %97, label %98, label %102 %99 = getelementptr inbounds [10 x i32], [10 x i32]* %3, i64 0, i64 1 %100 = load i32, i32* %99, align 4 %101 = icmp eq i32 %100, 4 br i1 %101, label %122, label %102 %103 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([26 x i8], [26 x i8]* @__func__.deprecated_sysctl_warning, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __ia32_compat_sys_rt_sigreturn ------------- Path:  Function:__ia32_compat_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -4 %14 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -268 %17 = icmp ult i64 %16, %13 br i1 %17, label %38, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe_ia32* %20 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 4 %21 = bitcast %struct.kernel_cap_struct* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %38 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %28 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 3 %29 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %28) #69 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %38 %32 = getelementptr inbounds %struct.rt_sigframe_ia32, %struct.rt_sigframe_ia32* %19, i64 0, i32 5, i32 2 %33 = call i32 @compat_restore_altstack(%struct.kernel_symbol* %32) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %38 %39 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %39, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.1.4634, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __ia32_compat_sys_sigreturn ------------- Path:  Function:__ia32_compat_sys_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.41575* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.41575** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.41575**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %11 = load i64, i64* %10, align 8 %12 = add i64 %11, -8 %13 = inttoptr i64 %12 to %struct.sigframe_ia32* %14 = bitcast %struct.cpumask* %2 to i8* %15 = getelementptr inbounds %struct.task_struct.41575, %struct.task_struct.41575* %3, i64 0, i32 163, i32 17, i32 0 %16 = load i64, i64* %15, align 8 %17 = add i64 %16, -736 %18 = icmp ult i64 %17, %12 br i1 %18, label %44, label %19, !prof !5, !misexpect !6 %20 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %21 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 2, i32 26 %22 = bitcast i32* %21 to %struct.__large_struct* %23 = tail call { i32, i64 } asm sideeffect "\0A1:\09movl $2,${1:k}\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorl ${1:k},${1:k}\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %22, i32 -14, i32 0) #6, !srcloc !9 %24 = extractvalue { i32, i64 } %23, 1 %25 = extractvalue { i32, i64 } %23, 0 tail call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %26 = and i64 %24, 4294967295 %27 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 store i64 %26, i64* %27, align 8 %28 = icmp eq i32 %25, 0 br i1 %28, label %29, label %44, !prof !11, !misexpect !12 %30 = getelementptr inbounds i8, i8* %14, i64 4 %31 = getelementptr inbounds %struct.sigframe_ia32, %struct.sigframe_ia32* %13, i64 0, i32 4 %32 = bitcast [1 x i32]* %31 to i8* %34 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %30, i8* %32, i32 4, i64 %33) #6, !srcloc !13 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 0 %36 = extractvalue { i32, i8*, i8*, i32, i64 } %34, 4 %37 = icmp eq i32 %35, 0 br i1 %37, label %38, label %44 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %39 = call fastcc i32 @ia32_restore_sigcontext(%struct.pt_regs* %9, %struct.sigcontext_32* %20) #69 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %44 %45 = inttoptr i64 %12 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %45, i8* getelementptr inbounds ([16 x i8], [16 x i8]* @.str.4631, i64 0, i64 0)) #69 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 force_sig_info_to_task 4 force_sig 5 signal_fault 6 __x64_sys_rt_sigreturn ------------- Path:  Function:__x64_sys_rt_sigreturn %2 = alloca %struct.cpumask, align 8 %3 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %4 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 2 %5 = bitcast i8** %4 to i64* %6 = load i64, i64* %5, align 8 %7 = add i64 %6, 16384 %8 = inttoptr i64 %7 to %struct.pt_regs* %9 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1 %10 = bitcast %struct.cpumask* %2 to i8* %11 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 19 %12 = load i64, i64* %11, align 8 %13 = add i64 %12, -8 %14 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = add i64 %15, -440 %17 = icmp ult i64 %16, %13 br i1 %17, label %158, label %18, !prof !5, !misexpect !6 %19 = inttoptr i64 %13 to %struct.rt_sigframe* %20 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 4 %21 = bitcast %struct.cpumask* %20 to i8* %23 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* nonnull %10, i8* %21, i32 8, i64 %22) #6, !srcloc !7 %24 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 0 %25 = extractvalue { i32, i8*, i8*, i32, i64 } %23, 4 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %158 %28 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %29 = bitcast %struct.ucontext* %28 to %struct.__large_struct* %30 = call { i32, i64 } asm sideeffect "\0A1:\09movq $2,$1\0A2:\0A.section .fixup,\22ax\22\0A3:\09mov $3,$0\0A\09xorq $1,$1\0A\09jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_uaccess) - .\0A .popsection\0A", "=r,=r,*m,i,0,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %29, i32 -14, i32 0) #6, !srcloc !10 %31 = extractvalue { i32, i64 } %30, 0 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %158, !prof !12, !misexpect !13 %34 = extractvalue { i32, i64 } %30, 1 call void @set_current_blocked(%struct.cpumask* nonnull %2) #69 %35 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3 %36 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 47, i32 0 store i64 (%struct.restart_block*)* @do_no_restart_syscall, i64 (%struct.restart_block*)** %36, align 8 %37 = getelementptr inbounds %struct.task_struct.11557, %struct.task_struct.11557* %3, i64 0, i32 163, i32 18 %38 = load i8, i8* %37, align 32 %39 = and i8 %38, -3 store i8 %39, i8* %37, align 32 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xcb\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+18)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09lfence\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %40 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 8 %41 = bitcast i64* %40 to %struct.__large_struct* %42 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %41) #6, !srcloc !15 %43 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 14 store i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 9 %45 = bitcast i64* %44 to %struct.__large_struct* %46 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %45) #6, !srcloc !16 %47 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 13 store i64 %46, i64* %47, align 8 %48 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 10 %49 = bitcast i64* %48 to %struct.__large_struct* %50 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %49) #6, !srcloc !17 %51 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 4 store i64 %50, i64* %51, align 8 %52 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 15 %53 = bitcast i64* %52 to %struct.__large_struct* %54 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %53) #6, !srcloc !18 store i64 %54, i64* %11, align 8 %55 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 11 %56 = bitcast i64* %55 to %struct.__large_struct* %57 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %56) #6, !srcloc !19 %58 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 5 store i64 %57, i64* %58, align 8 %59 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 12 %60 = bitcast i64* %59 to %struct.__large_struct* %61 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %60) #6, !srcloc !20 %62 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 12 store i64 %61, i64* %62, align 8 %63 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 14 %64 = bitcast i64* %63 to %struct.__large_struct* %65 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %64) #6, !srcloc !21 %66 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 11 store i64 %65, i64* %66, align 8 %67 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 16 %68 = bitcast i64* %67 to %struct.__large_struct* %69 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %68) #6, !srcloc !22 %70 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 16 store i64 %69, i64* %70, align 8 %71 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 13 %72 = bitcast i64* %71 to %struct.__large_struct* %73 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %72) #6, !srcloc !23 %74 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 10 store i64 %73, i64* %74, align 8 %75 = bitcast %struct.sigcontext_64* %35 to %struct.__large_struct* %76 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %75) #6, !srcloc !24 %77 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 9 store i64 %76, i64* %77, align 8 %78 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 1 %79 = bitcast i64* %78 to %struct.__large_struct* %80 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %79) #6, !srcloc !25 %81 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 8 store i64 %80, i64* %81, align 8 %82 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 2 %83 = bitcast i64* %82 to %struct.__large_struct* %84 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %83) #6, !srcloc !26 %85 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 7 store i64 %84, i64* %85, align 8 %86 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 3 %87 = bitcast i64* %86 to %struct.__large_struct* %88 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %87) #6, !srcloc !27 %89 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 6 store i64 %88, i64* %89, align 8 %90 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 4 %91 = bitcast i64* %90 to %struct.__large_struct* %92 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %91) #6, !srcloc !28 %93 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 3 store i64 %92, i64* %93, align 8 %94 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 5 %95 = bitcast i64* %94 to %struct.__large_struct* %96 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %95) #6, !srcloc !29 %97 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 2 store i64 %96, i64* %97, align 8 %98 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 6 %99 = bitcast i64* %98 to %struct.__large_struct* %100 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %99) #6, !srcloc !30 %101 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 1 store i64 %100, i64* %101, align 8 %102 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 7 %103 = bitcast i64* %102 to %struct.__large_struct* %104 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %103) #6, !srcloc !31 %105 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %9, i64 0, i32 0 store i64 %104, i64* %105, align 8 %106 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 18 %107 = bitcast i16* %106 to %struct.__large_struct* %108 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %107) #6, !srcloc !32 %109 = and i64 %108, 65532 %110 = or i64 %109, 3 %111 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 17 store i64 %110, i64* %111, align 8 %112 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 21 %113 = bitcast i16* %112 to %struct.__large_struct* %114 = call i64 asm sideeffect "1:\09movw $1,${0:w}\0A2:\0A.section .fixup,\22ax\22\0A3:xorw ${0:w},${0:w}\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %113) #6, !srcloc !33 %115 = and i64 %114, 65532 %116 = or i64 %115, 3 %117 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 20 store i64 %116, i64* %117, align 8 %118 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 17 %119 = bitcast i64* %118 to %struct.__large_struct* %120 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %119) #6, !srcloc !34 %121 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 18 %122 = load i64, i64* %121, align 8 %123 = and i64 %122, -331222 %124 = and i64 %120, 331221 %125 = or i64 %123, %124 store i64 %125, i64* %121, align 8 %126 = getelementptr %struct.pt_regs, %struct.pt_regs* %8, i64 -1, i32 15 store i64 -1, i64* %126, align 8 %127 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 3, i32 26 %128 = bitcast i64* %127 to %struct.__large_struct* %129 = call i64 asm sideeffect "1:\09movq $1,$0\0A2:\0A.section .fixup,\22ax\22\0A3:xorq $0,$0\0A jmp 2b\0A.previous\0A .pushsection \22__ex_table\22,\22a\22\0A .balign 4\0A .long (1b) - .\0A .long (3b) - .\0A .long (ex_handler_ext) - .\0A .popsection\0A", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.__large_struct* %128) #6, !srcloc !35 call void asm sideeffect "# ALT: oldnstr\0A661:\0A\09\0A662:\0A# ALT: padding\0A.skip -(((6651f-6641f)-(662b-661b)) > 0) * ((6651f-6641f)-(662b-661b)),0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 9*32+20)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09.byte 0x0f,0x01,0xca\0A6651:\0A.popsection\0A", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !11 %130 = load i8, i8* %37, align 32 %131 = and i64 %34, 4 %132 = icmp eq i64 %131, 0 br i1 %132, label %133, label %143 %144 = and i8 %130, 2 %145 = icmp eq i8 %144, 0 %146 = select i1 %145, i32 0, i32 -14 %147 = inttoptr i64 %129 to i8* %148 = call i32 @fpu__restore_sig(i8* %147, i32 0) #69 %149 = or i32 %148, %146 %150 = bitcast %struct.task_struct.11557* %3 to i8* call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %150, i8 2, i8* %150) #6, !srcloc !37 %151 = icmp eq i32 %149, 0 br i1 %151, label %152, label %158 %153 = getelementptr inbounds %struct.rt_sigframe, %struct.rt_sigframe* %19, i64 0, i32 1, i32 2 %154 = call i32 @restore_altstack(%struct.sigaltstack* %153) #69 %155 = icmp eq i32 %154, 0 br i1 %155, label %156, label %158 %159 = inttoptr i64 %13 to i8* call void @signal_fault(%struct.pt_regs* %9, i8* %159, i8* getelementptr inbounds ([13 x i8], [13 x i8]* @.str.1190, i64 0, i64 0)) #70 Function:signal_fault %4 = tail call %struct.task_struct.11557* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.11557** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.11557**)) #10, !srcloc !4 %5 = load i32, i32* @show_unhandled_signals, align 4 %6 = icmp eq i32 %5, 0 br i1 %6, label %25, label %7 %8 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([13 x i8], [13 x i8]* @__func__.signal_fault, i64 0, i64 0)) #69 %9 = icmp eq i32 %8, 0 br i1 %9, label %25, label %10 tail call void @force_sig(i32 11) #69 Function:force_sig %2 = alloca %struct.kernel_siginfo, align 8 %3 = bitcast %struct.kernel_siginfo* %2 to i8* %4 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 0 store i32 %0, i32* %4, align 8 %5 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 1 store i32 0, i32* %5, align 4 %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 2 store i32 128, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 0, i32* %7, align 8 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %2, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 0, i32* %8, align 4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = call fastcc i32 @force_sig_info_to_task(%struct.kernel_siginfo* nonnull %2, %struct.task_struct.43108* %9) #69 Function:force_sig_info_to_task %3 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %0, i64 0, i32 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 88 %6 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %7 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %6, i64 0, i32 0, i32 0, i32 0 %8 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %7) #69 %9 = load %struct.sighand_struct*, %struct.sighand_struct** %5, align 32 %10 = add i32 %4, -1 %11 = sext i32 %10 to i64 %12 = getelementptr %struct.sighand_struct, %struct.sighand_struct* %9, i64 0, i32 3, i64 %11, i32 0, i32 0 %13 = load void (i32)*, void (i32)** %12, align 8 %14 = icmp eq void (i32)* %13, inttoptr (i64 1 to void (i32)*) %15 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 89, i32 0, i64 0 %16 = load i64, i64* %15, align 8 %17 = zext i32 %10 to i64 %18 = shl nuw i64 1, %17 %19 = and i64 %16, %18 %20 = icmp ne i64 %19, 0 %21 = or i1 %14, %20 br i1 %21, label %22, label %54 store void (i32)* null, void (i32)** %12, align 8 br i1 %20, label %23, label %57 %24 = xor i64 %18, -1 %25 = load i64, i64* %15, align 8 %26 = and i64 %25, %24 store i64 %26, i64* %15, align 8 %27 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 41 %28 = load i64, i64* %27, align 8 %29 = and i64 %28, 10092544 %30 = icmp eq i64 %29, 0 br i1 %30, label %31, label %49 %32 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 92, i32 1, i32 0, i64 0 %33 = load i64, i64* %32, align 8 %34 = xor i64 %26, -1 %35 = and i64 %33, %34 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %49 %38 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 87 %39 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %38, align 8 %40 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %39, i64 0, i32 6, i32 1, i32 0, i64 0 %41 = load i64, i64* %40, align 8 %42 = and i64 %41, %34 %43 = icmp eq i64 %42, 0 br i1 %43, label %44, label %49 %45 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 45 %46 = load i8, i8* %45, align 8 %47 = and i8 %46, 16 %48 = icmp eq i8 %47, 0 br i1 %48, label %54, label %49 %50 = bitcast %struct.task_struct.43108* %1 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %50, i8 4, i8* %50) #6, !srcloc !4 %51 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %1, i32 1) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_compat_sys_wait4 ------------- Path:  Function:__ia32_compat_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_sys_waitpid ------------- Path:  Function:__ia32_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i32* %11 = trunc i64 %8 to i32 %12 = tail call i64 @kernel_wait4(i32 %9, i32* %10, i32 %11, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __x64_sys_waitpid ------------- Path:  Function:__x64_sys_waitpid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i32** %6 = load i32*, i32** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @kernel_wait4(i32 %9, i32* %6, i32 %10, %struct.rusage* null) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __ia32_sys_wait4 ------------- Path:  Function:__ia32_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i32* %15 = trunc i64 %9 to i32 %16 = bitcast %struct.rusage* %2 to i8* %17 = icmp ne i64 %12, 0 %18 = select i1 %17, %struct.rusage* %2, %struct.rusage* null %19 = call i64 @kernel_wait4(i32 %13, i32* %14, i32 %15, %struct.rusage* %18) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_wait4 8 __x64_sys_wait4 ------------- Path:  Function:__x64_sys_wait4 %2 = alloca %struct.rusage, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i32** %7 = load i32*, i32** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.rusage* %2 to i8* %15 = icmp ne i64 %11, 0 %16 = select i1 %15, %struct.rusage* %2, %struct.rusage* null %17 = call i64 @kernel_wait4(i32 %12, i32* %7, i32 %13, %struct.rusage* %16) #69 Function:kernel_wait4 %5 = alloca %struct.wait_opts, align 8 %6 = bitcast %struct.wait_opts* %5 to i8* %7 = and i32 %2, 536870900 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %41 switch i32 %0, label %10 [ i32 -2147483648, label %41 i32 -1, label %22 ] %23 = phi i32 [ 2, %12 ], [ 2, %17 ], [ 0, %20 ], [ 4, %9 ] %24 = phi %struct.pid.44539* [ %14, %12 ], [ %19, %17 ], [ %21, %20 ], [ null, %9 ] %25 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 0 store i32 %23, i32* %25, align 8 %26 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 2 store %struct.pid.44539* %24, %struct.pid.44539** %26, align 8 %27 = or i32 %2, 4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 1 store i32 %27, i32* %28, align 4 %29 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 3 store %struct.ist_info* null, %struct.ist_info** %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 4 store i32 0, i32* %30, align 8 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %5, i64 0, i32 5 store %struct.rusage* %3, %struct.rusage** %31, align 8 %32 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %5) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_compat_sys_waitid 9 __ia32_compat_sys_waitid ------------- Path:  Function:__ia32_compat_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_compat_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_compat_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.compat_siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_sys_waitid 9 __ia32_sys_waitid ------------- Path:  Function:__ia32_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_waitid(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 signal_wake_up_state 4 __ptrace_unlink 5 wait_consider_task 6 do_wait 7 kernel_waitid 8 __se_sys_waitid 9 __x64_sys_waitid ------------- Path:  Function:__x64_sys_waitid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_waitid(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_waitid %6 = alloca %struct.rusage, align 8 %7 = alloca %struct.ist_info, align 4 %8 = trunc i64 %0 to i32 %9 = trunc i64 %1 to i32 %10 = inttoptr i64 %2 to %struct.siginfo* %11 = trunc i64 %3 to i32 %12 = bitcast %struct.rusage* %6 to i8* %13 = bitcast %struct.ist_info* %7 to i8* %14 = icmp eq i64 %4, 0 %15 = select i1 %14, %struct.rusage* null, %struct.rusage* %6 %16 = call fastcc i64 @kernel_waitid(i32 %8, i32 %9, %struct.ist_info* nonnull %7, i32 %11, %struct.rusage* %15) #69 Function:kernel_waitid %6 = alloca %struct.wait_opts, align 8 %7 = bitcast %struct.wait_opts* %6 to i8* %8 = and i32 %3, 520093680 %9 = icmp ne i32 %8, 0 %10 = and i32 %3, 14 %11 = icmp eq i32 %10, 0 %12 = or i1 %9, %11 br i1 %12, label %68, label %13 switch i32 %0, label %68 [ i32 0, label %59 i32 1, label %14 i32 2, label %18 i32 3, label %27 ] %60 = phi %struct.pid.44539* [ %35, %54 ], [ %23, %22 ], [ %26, %24 ], [ %17, %16 ], [ null, %13 ] %61 = phi i32 [ 0, %54 ], [ 2, %22 ], [ 2, %24 ], [ 0, %16 ], [ 4, %13 ] %62 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 0 store i32 %61, i32* %62, align 8 %63 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 2 store %struct.pid.44539* %60, %struct.pid.44539** %63, align 8 %64 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 1 store i32 %3, i32* %64, align 4 %65 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 3 store %struct.ist_info* %2, %struct.ist_info** %65, align 8 %66 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %6, i64 0, i32 5 store %struct.rusage* %4, %struct.rusage** %66, align 8 %67 = call fastcc i64 @do_wait(%struct.wait_opts* nonnull %6) #70 Function:do_wait %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %4 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_process_wait to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@do_wait, %5)) #6 to label %27 [label %5], !srcloc !4 %28 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6 %29 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %28, i64 0, i32 0 store i32 0, i32* %29, align 8 %30 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 1 %31 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 6, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @child_wait_callback, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %31, align 8 %32 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !9 %33 = bitcast i8** %30 to %struct.task_struct.44971** store %struct.task_struct.44971* %32, %struct.task_struct.44971** %33, align 8 %34 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 87 %35 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %34, align 8 %36 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %35, i64 0, i32 4 tail call void @add_wait_queue(%struct.wait_queue_head* %36, %struct.wait_queue_entry* %28) #69 %37 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 7 %38 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %39 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 1 %40 = bitcast i64* %2 to i8* %41 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %42 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %32, i64 0, i32 0, i32 0 br label %43 store i32 -10, i32* %37, align 8 %44 = load i32, i32* %38, align 8 %45 = icmp ult i32 %44, 4 br i1 %45, label %46, label %55 %47 = load %struct.pid.44539*, %struct.pid.44539** %3, align 8 %48 = icmp eq %struct.pid.44539* %47, null br i1 %48, label %119, label %49 %50 = zext i32 %44 to i64 %51 = getelementptr %struct.pid.44539, %struct.pid.44539* %47, i64 0, i32 2, i64 %50 %52 = bitcast %struct.hlist_head* %51 to i64* %53 = load volatile i64, i64* %52, align 8 %54 = icmp eq i64 %53, 0 br i1 %54, label %119, label %55 store volatile i64 1, i64* %2, align 8 %56 = load volatile i64, i64* %2, align 8 %57 = tail call i64 asm sideeffect "xchgq ${0:q}, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i64* %39, i64 %56, i64* %39) #6, !srcloc !10 store volatile i64 %57, i64* %2, align 8 %58 = load volatile i64, i64* %2, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 br label %59 %60 = phi %struct.task_struct.44971* [ %32, %55 ], [ %104, %98 ] %61 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 53 %62 = bitcast %struct.list_head* %61 to i8** %63 = load i8*, i8** %62, align 8 %64 = bitcast i8* %63 to %struct.list_head* %65 = icmp eq %struct.list_head* %61, %64 br i1 %65, label %77, label %66 %67 = phi i8* [ %74, %72 ], [ %63, %59 ] %68 = getelementptr i8, i8* %67, i64 -1224 %69 = bitcast i8* %68 to %struct.task_struct.44971* %70 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 0, %struct.task_struct.44971* %69) #69 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %119 %73 = bitcast i8* %67 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %61, %75 br i1 %76, label %77, label %66 %78 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %60, i64 0, i32 56 %79 = bitcast %struct.list_head* %78 to i8** %80 = load i8*, i8** %79, align 16 %81 = bitcast i8* %80 to %struct.list_head* %82 = icmp eq %struct.list_head* %78, %81 br i1 %82, label %94, label %83 %84 = phi i8* [ %91, %89 ], [ %80, %77 ] %85 = getelementptr i8, i8* %84, i64 -1264 %86 = bitcast i8* %85 to %struct.task_struct.44971* %87 = tail call fastcc i32 @wait_consider_task(%struct.wait_opts* %0, i32 1, %struct.task_struct.44971* %86) #69 Function:wait_consider_task %4 = alloca i64, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 37 %7 = load volatile i32, i32* %6, align 4 %8 = icmp eq i32 %7, 16 br i1 %8, label %600, label %9, !prof !4, !misexpect !5 %10 = icmp ne i32 %1, 0 %11 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 0 %12 = load i32, i32* %11, align 8 switch i32 %12, label %15 [ i32 4, label %26 i32 0, label %13 ] %16 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %17 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %16, align 8 %18 = zext i32 %12 to i64 %19 = getelementptr %struct.signal_struct.44939, %struct.signal_struct.44939* %17, i64 0, i32 21, i64 %18 br label %20 %21 = phi %struct.pid.44539** [ %14, %13 ], [ %19, %15 ] %22 = load %struct.pid.44539*, %struct.pid.44539** %21, align 8 %23 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 2 %24 = load %struct.pid.44539*, %struct.pid.44539** %23, align 8 %25 = icmp ne %struct.pid.44539* %22, %24 br label %26 %27 = phi i1 [ false, %9 ], [ %25, %20 ] %28 = or i1 %10, %27 %29 = xor i1 %27, true %30 = zext i1 %29 to i32 br i1 %28, label %44, label %31 %32 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %33 = load i32, i32* %32, align 4 %34 = and i32 %33, 1073741824 %35 = icmp eq i32 %34, 0 br i1 %35, label %36, label %47 %48 = icmp eq i32 %7, 48 br i1 %48, label %49, label %52, !prof !4, !misexpect !5 br i1 %10, label %68, label %53 %54 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, 0 br i1 %56, label %68, label %57, !prof !6, !misexpect !5 %58 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %59 = load %struct.task_struct.44971*, %struct.task_struct.44971** %58, align 8 %60 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %61 = load %struct.task_struct.44971*, %struct.task_struct.44971** %60, align 16 %62 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %59, i64 0, i32 87 %63 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %62, align 8 %64 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %61, i64 0, i32 87 %65 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %64, align 8 %66 = icmp eq %struct.signal_struct.44939* %63, %65 %67 = zext i1 %66 to i32 br label %68 %69 = phi i32 [ 0, %53 ], [ %1, %52 ], [ %67, %57 ] %70 = icmp eq i32 %7, 32 br i1 %70, label %71, label %391 %72 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 39 %73 = load i32, i32* %72, align 4 %74 = icmp sgt i32 %73, -1 br i1 %74, label %75, label %81 %76 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %77 = bitcast %struct.list_head* %76 to i64* %78 = load volatile i64, i64* %77, align 8 %79 = inttoptr i64 %78 to %struct.list_head* %80 = icmp eq %struct.list_head* %76, %79 br i1 %80, label %81, label %384 %82 = icmp eq i32 %69, 0 br i1 %82, label %83, label %87, !prof !6, !misexpect !5 %88 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.44971*, i32, %struct.pid_namespace.44537*)*)(%struct.task_struct.44971* %2, i32 0, %struct.pid_namespace.44537* null) #69 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %89 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 77 %90 = bitcast %struct.cred** %89 to i64* %91 = load volatile i64, i64* %90, align 8 %92 = inttoptr i64 %91 to %struct.cred* %93 = getelementptr inbounds %struct.cred, %struct.cred* %92, i64 0, i32 1, i32 0 %94 = load i32, i32* %93, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %95 = icmp eq i32 %94, -1 %96 = load i32, i32* @overflowuid, align 4 %97 = select i1 %95, i32 %96, i32 %94 %98 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 1 %99 = load i32, i32* %98, align 4 %100 = and i32 %99, 4 %101 = icmp eq i32 %100, 0 br i1 %101, label %600, label %102, !prof !4, !misexpect !7 %103 = and i32 %99, 16777216 %104 = icmp eq i32 %103, 0 br i1 %104, label %133, label %105, !prof !6, !misexpect !5 %134 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 51 %135 = load %struct.task_struct.44971*, %struct.task_struct.44971** %134, align 8 %136 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 52 %137 = load %struct.task_struct.44971*, %struct.task_struct.44971** %136, align 16 %138 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %135, i64 0, i32 87 %139 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %138, align 8 %140 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %137, i64 0, i32 87 %141 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %140, align 8 %142 = icmp eq %struct.signal_struct.44939* %139, %141 br i1 %142, label %147, label %143 %144 = load i32, i32* %72, align 4 %145 = icmp sgt i32 %144, -1 %146 = select i1 %145, i32 48, i32 16 br label %147 %148 = phi i1 [ false, %133 ], [ %145, %143 ] %149 = phi i32 [ 16, %133 ], [ %146, %143 ] %150 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %6, i32 %149, i32 32, i32* %6) #6, !srcloc !15 %151 = icmp eq i32 %150, 32 br i1 %151, label %152, label %600 %153 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @tasklist_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !11 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !12 br i1 %148, label %336, label %154 %155 = load i32, i32* %72, align 4 %156 = icmp sgt i32 %155, -1 br i1 %156, label %157, label %336 %158 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %159 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %158, align 8 %160 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !16 %161 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 87 %162 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %161, align 8 %163 = bitcast i64* %4 to i8* %164 = bitcast i64* %5 to i8* call void bitcast (void (%struct.task_struct.54204*, i64*, i64*)* @thread_group_cputime_adjusted to void (%struct.task_struct.44971*, i64*, i64*)*)(%struct.task_struct.44971* %2, i64* nonnull %4, i64* nonnull %5) #69 %165 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %160, i64 0, i32 88 %166 = load %struct.sighand_struct*, %struct.sighand_struct** %165, align 32 %167 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %166, i64 0, i32 0, i32 0, i32 0 call void @_raw_spin_lock_irq(%struct.raw_spinlock* %167) #69 %168 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %168) #69 %169 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 0, i32 0 %170 = load i32, i32* %169, align 4 %171 = add i32 %170, 1 store i32 %171, i32* %169, align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %172 = load i64, i64* %4, align 8 %173 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 28 %174 = load i64, i64* %173, align 8 %175 = add i64 %174, %172 %176 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 28 %177 = load i64, i64* %176, align 8 %178 = add i64 %175, %177 store i64 %178, i64* %176, align 8 %179 = load i64, i64* %5, align 8 %180 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 29 %181 = load i64, i64* %180, align 8 %182 = add i64 %181, %179 %183 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 29 %184 = load i64, i64* %183, align 8 %185 = add i64 %182, %184 store i64 %185, i64* %183, align 8 %186 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 67 %187 = load i64, i64* %186, align 16 %188 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 30 %189 = load i64, i64* %188, align 8 %190 = add i64 %189, %187 %191 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 31 %192 = load i64, i64* %191, align 8 %193 = add i64 %190, %192 %194 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 31 %195 = load i64, i64* %194, align 8 %196 = add i64 %193, %195 store i64 %196, i64* %194, align 8 %197 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 73 %198 = load i64, i64* %197, align 16 %199 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 37 %200 = load i64, i64* %199, align 8 %201 = add i64 %200, %198 %202 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 39 %203 = load i64, i64* %202, align 8 %204 = add i64 %201, %203 %205 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 39 %206 = load i64, i64* %205, align 8 %207 = add i64 %204, %206 store i64 %207, i64* %205, align 8 %208 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 74 %209 = load i64, i64* %208, align 8 %210 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 38 %211 = load i64, i64* %210, align 8 %212 = add i64 %211, %209 %213 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 40 %214 = load i64, i64* %213, align 8 %215 = add i64 %212, %214 %216 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 40 %217 = load i64, i64* %216, align 8 %218 = add i64 %215, %217 store i64 %218, i64* %216, align 8 %219 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 69 %220 = load i64, i64* %219, align 16 %221 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 33 %222 = load i64, i64* %221, align 8 %223 = add i64 %222, %220 %224 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 35 %225 = load i64, i64* %224, align 8 %226 = add i64 %223, %225 %227 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 35 %228 = load i64, i64* %227, align 8 %229 = add i64 %226, %228 store i64 %229, i64* %227, align 8 %230 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 70 %231 = load i64, i64* %230, align 8 %232 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 34 %233 = load i64, i64* %232, align 8 %234 = add i64 %233, %231 %235 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 36 %236 = load i64, i64* %235, align 8 %237 = add i64 %234, %236 %238 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 36 %239 = load i64, i64* %238, align 8 %240 = add i64 %237, %239 store i64 %240, i64* %238, align 8 %241 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 4 %242 = load i64, i64* %241, align 32 %243 = lshr i64 %242, 9 %244 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 41 %245 = load i64, i64* %244, align 8 %246 = add i64 %243, %245 %247 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 43 %248 = load i64, i64* %247, align 8 %249 = add i64 %246, %248 %250 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 43 %251 = load i64, i64* %250, align 8 %252 = add i64 %249, %251 store i64 %252, i64* %250, align 8 %253 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 5 %254 = load i64, i64* %253, align 8 %255 = lshr i64 %254, 9 %256 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 42 %257 = load i64, i64* %256, align 8 %258 = add i64 %255, %257 %259 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 44 %260 = load i64, i64* %259, align 8 %261 = add i64 %258, %260 %262 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 44 %263 = load i64, i64* %262, align 8 %264 = add i64 %261, %263 store i64 %264, i64* %262, align 8 %265 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 45 %266 = load i64, i64* %265, align 8 %267 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 46 %268 = load i64, i64* %267, align 8 %269 = icmp ugt i64 %266, %268 %270 = select i1 %269, i64 %266, i64 %268 %271 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 46 %272 = load i64, i64* %271, align 8 %273 = icmp ult i64 %272, %270 br i1 %273, label %274, label %275 store i64 %270, i64* %271, align 8 br label %275 %276 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 0 %277 = load i64, i64* %276, align 8 %278 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 0 %279 = load i64, i64* %278, align 8 %280 = add i64 %279, %277 store i64 %280, i64* %278, align 8 %281 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 1 %282 = load i64, i64* %281, align 8 %283 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 1 %284 = load i64, i64* %283, align 8 %285 = add i64 %284, %282 store i64 %285, i64* %283, align 8 %286 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 2 %287 = load i64, i64* %286, align 8 %288 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 2 %289 = load i64, i64* %288, align 8 %290 = add i64 %289, %287 store i64 %290, i64* %288, align 8 %291 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 3 %292 = load i64, i64* %291, align 8 %293 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 3 %294 = load i64, i64* %293, align 8 %295 = add i64 %294, %292 store i64 %295, i64* %293, align 8 %296 = load i64, i64* %241, align 8 %297 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 4 %298 = load i64, i64* %297, align 8 %299 = add i64 %298, %296 store i64 %299, i64* %297, align 8 %300 = load i64, i64* %253, align 8 %301 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 5 %302 = load i64, i64* %301, align 8 %303 = add i64 %302, %300 store i64 %303, i64* %301, align 8 %304 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 118, i32 6 %305 = load i64, i64* %304, align 8 %306 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 47, i32 6 %307 = load i64, i64* %306, align 8 %308 = add i64 %307, %305 store i64 %308, i64* %306, align 8 %309 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 0 %310 = load i64, i64* %309, align 8 %311 = add i64 %310, %280 store i64 %311, i64* %278, align 8 %312 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 1 %313 = load i64, i64* %312, align 8 %314 = add i64 %313, %285 store i64 %314, i64* %283, align 8 %315 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 2 %316 = load i64, i64* %315, align 8 %317 = add i64 %316, %290 store i64 %317, i64* %288, align 8 %318 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 3 %319 = load i64, i64* %318, align 8 %320 = add i64 %319, %295 store i64 %320, i64* %293, align 8 %321 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 4 %322 = load i64, i64* %321, align 8 %323 = add i64 %322, %299 store i64 %323, i64* %297, align 8 %324 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 5 %325 = load i64, i64* %324, align 8 %326 = add i64 %325, %303 store i64 %326, i64* %301, align 8 %327 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %159, i64 0, i32 47, i32 6 %328 = load i64, i64* %327, align 8 %329 = add i64 %328, %308 store i64 %329, i64* %306, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 %330 = load i32, i32* %169, align 4 %331 = add i32 %330, 1 store i32 %331, i32* %169, align 4 %332 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %162, i64 0, i32 25, i32 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 %333 = bitcast %struct.spinlock* %332 to i8* store volatile i8 0, i8* %333, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !20 %334 = bitcast %struct.sighand_struct** %165 to i8** %335 = load i8*, i8** %334, align 32 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !19 store volatile i8 0, i8* %335, align 1 call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 br label %336 %337 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 5 %338 = load %struct.rusage*, %struct.rusage** %337, align 8 %339 = icmp eq %struct.rusage* %338, null br i1 %339, label %341, label %340 call void bitcast (void (%struct.task_struct.43108*, i32, %struct.rusage*)* @getrusage to void (%struct.task_struct.44971*, i32, %struct.rusage*)*)(%struct.task_struct.44971* %2, i32 -2, %struct.rusage* nonnull %338) #69 br label %341 %342 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %343 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %342, align 8 %344 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 12 %345 = load i32, i32* %344, align 4 %346 = and i32 %345, 4 %347 = icmp eq i32 %346, 0 %348 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %343, i64 0, i32 8 %349 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 38 %350 = select i1 %347, i32* %349, i32* %348 %351 = load i32, i32* %350, align 8 %352 = getelementptr inbounds %struct.wait_opts, %struct.wait_opts* %0, i64 0, i32 4 store i32 %351, i32* %352, align 8 br i1 %148, label %353, label %362 call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %354 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 5 %355 = load i32, i32* %354, align 8 %356 = icmp eq i32 %355, 0 br i1 %356, label %358, label %357, !prof !6, !misexpect !5 call void bitcast (void (%struct.task_struct.43108*)* @__ptrace_unlink to void (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:__ptrace_unlink %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 5 %3 = load i32, i32* %2, align 8 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %6, !prof !4, !misexpect !5 %7 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -2, i8* %7) #6, !srcloc !8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; andb $1,$0", "=*m,iq,*m,~{dirflag},~{fpsr},~{flags}"(i8* %7, i8 -65, i8* %7) #6, !srcloc !8 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 51 %9 = bitcast %struct.task_struct.43108** %8 to i64* %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 52 %12 = bitcast %struct.task_struct.43108** %11 to i64* store i64 %10, i64* %12, align 16 %13 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 57, i32 1 %15 = load %struct.list_head*, %struct.list_head** %14, align 8 %16 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 0 %17 = load %struct.list_head*, %struct.list_head** %16, align 8 %18 = getelementptr inbounds %struct.list_head, %struct.list_head* %17, i64 0, i32 1 store %struct.list_head* %15, %struct.list_head** %18, align 8 %19 = ptrtoint %struct.list_head* %17 to i64 %20 = bitcast %struct.list_head* %15 to i64* store volatile i64 %19, i64* %20, align 8 %21 = ptrtoint %struct.list_head* %13 to i64 %22 = bitcast %struct.list_head* %13 to i64* store volatile i64 %21, i64* %22, align 8 store %struct.list_head* %13, %struct.list_head** %14, align 8 %23 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 76 %24 = load %struct.cred*, %struct.cred** %23, align 16 store %struct.cred* null, %struct.cred** %23, align 16 %25 = icmp eq %struct.cred* %24, null br i1 %25, label %32, label %26 %33 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 88 %34 = load %struct.sighand_struct*, %struct.sighand_struct** %33, align 32 %35 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %34, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %35) #69 store i32 0, i32* %2, align 8 tail call void @task_clear_jobctl_pending(%struct.task_struct.43108* %0, i64 1572864) #69 tail call void @task_clear_jobctl_trapping(%struct.task_struct.43108* %0) #69 %36 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 4 %37 = load i32, i32* %36, align 4 %38 = and i32 %37, 4 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %59 %41 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %42 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %41, align 8 %43 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 12 %44 = load i32, i32* %43, align 4 %45 = and i32 %44, 1 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %51 %48 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %42, i64 0, i32 11 %49 = load i32, i32* %48, align 8 %50 = icmp eq i32 %49, 0 br i1 %50, label %59, label %51 %52 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %53 = load i64, i64* %52, align 8 %54 = or i64 %53, 131072 store i64 %54, i64* %52, align 8 %55 = and i64 %53, 65535 %56 = icmp eq i64 %55, 0 br i1 %56, label %57, label %59 %60 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 41 %61 = load i64, i64* %60, align 8 %62 = and i64 %61, 131072 %63 = icmp eq i64 %62, 0 br i1 %63, label %64, label %69 %65 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 1 %66 = load volatile i64, i64* %65, align 16 %67 = and i64 %66, 8 %68 = icmp eq i64 %67, 0 br i1 %68, label %70, label %69 tail call void @signal_wake_up_state(%struct.task_struct.43108* %0, i32 8) #69 Function:signal_wake_up_state %3 = bitcast %struct.task_struct.43108* %0 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %3, i8 4, i8* %3) #6, !srcloc !4 %4 = or i32 %1, 1 %5 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %0, i32 %4) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Use: =BAD PATH= Call Stack: 0 select_fallback_rq 1 try_to_wake_up 2 wake_up_state 3 zap_other_threads 4 do_group_exit 5 __do_sys_exit_group 6 __se_sys_exit_group 7 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 Function:do_group_exit %2 = tail call %struct.task_struct.44971* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.44971** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.44971**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 87 %4 = load %struct.signal_struct.44939*, %struct.signal_struct.44939** %3, align 8 %5 = trunc i32 %0 to i8 %6 = icmp sgt i8 %5, -1 br i1 %6, label %8, label %7, !prof !5, !misexpect !6 %9 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 12 %10 = load i32, i32* %9, align 4 %11 = and i32 %10, 4 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 10 %15 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %16 = icmp eq %struct.task_struct.44971* %15, null br i1 %16, label %20, label %17 %21 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 60 %22 = bitcast %struct.list_head* %21 to i64* %23 = load volatile i64, i64* %22, align 8 %24 = inttoptr i64 %23 to %struct.list_head* %25 = icmp eq %struct.list_head* %21, %24 br i1 %25, label %47, label %26 %27 = getelementptr inbounds %struct.task_struct.44971, %struct.task_struct.44971* %2, i64 0, i32 88 %28 = load %struct.sighand_struct*, %struct.sighand_struct** %27, align 32 %29 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %28, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %29) #69 %30 = load i32, i32* %9, align 4 %31 = and i32 %30, 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %35, label %33 %36 = load %struct.task_struct.44971*, %struct.task_struct.44971** %14, align 8 %37 = icmp eq %struct.task_struct.44971* %36, null %38 = getelementptr inbounds %struct.signal_struct.44939, %struct.signal_struct.44939* %4, i64 0, i32 8 br i1 %37, label %42, label %39 store i32 %0, i32* %38, align 8 store i32 4, i32* %9, align 4 %43 = tail call i32 bitcast (i32 (%struct.task_struct.43108*)* @zap_other_threads to i32 (%struct.task_struct.44971*)*)(%struct.task_struct.44971* %2) #69 Function:zap_other_threads %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %3 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %2, align 8 %4 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %3, i64 0, i32 11 store i32 0, i32* %4, align 8 %5 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 60, i32 0 %6 = bitcast %struct.list_head** %5 to i64* %7 = load volatile i64, i64* %6, align 8 %8 = inttoptr i64 %7 to i8* %9 = getelementptr i8, i8* %8, i64 -1352 %10 = bitcast i8* %9 to %struct.task_struct.43108* %11 = icmp eq %struct.task_struct.43108* %10, %0 br i1 %11, label %47, label %12 %13 = phi %struct.task_struct.43108* [ %45, %39 ], [ %10, %1 ] %14 = phi i8* [ %44, %39 ], [ %9, %1 ] %15 = phi i8* [ %43, %39 ], [ %8, %1 ] %16 = phi i32 [ %26, %39 ], [ 0, %1 ] %17 = getelementptr i8, i8* %15, i64 -256 %18 = bitcast i8* %17 to i64* %19 = load i64, i64* %18, align 8 %20 = and i64 %19, -2031617 store i64 %20, i64* %18, align 8 %21 = and i64 %19, 2097152 %22 = icmp eq i64 %21, 0 br i1 %22, label %25, label %23, !prof !4 %26 = add i32 %16, 1 %27 = getelementptr i8, i8* %15, i64 -276 %28 = bitcast i8* %27 to i32* %29 = load i32, i32* %28, align 4 %30 = icmp eq i32 %29, 0 br i1 %30, label %31, label %39 %32 = getelementptr i8, i8* %15, i64 392 %33 = bitcast i8* %32 to i64* %34 = load i64, i64* %33, align 8 %35 = or i64 %34, 256 store i64 %35, i64* %33, align 8 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %14, i8 4, i8* %14) #6, !srcloc !6 %36 = tail call i32 bitcast (i32 (%struct.task_struct.54204*, i32)* @wake_up_state to i32 (%struct.task_struct.43108*, i32)*)(%struct.task_struct.43108* %13, i32 257) #69 Function:wake_up_state %3 = tail call fastcc i32 @try_to_wake_up(%struct.task_struct.54204* %0, i32 %1, i32 0) #69 Function:try_to_wake_up tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %4 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %5 = icmp eq %struct.task_struct.54204* %4, %0 br i1 %5, label %6, label %60 %61 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 104 %62 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %61) #69 %63 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 1 %64 = load volatile i64, i64* %63, align 16 %65 = zext i32 %1 to i64 %66 = and i64 %64, %65 %67 = icmp eq i64 %66, 0 br i1 %67, label %328, label %68 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* bitcast (i32* getelementptr inbounds ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }, { i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_sched_waking, i64 0, i32 1, i32 0, i32 0) to %struct.static_key*), i1 false, i8* blockaddress(@try_to_wake_up, %69)) #6 to label %91 [label %69], !srcloc !6 %92 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 8 %93 = load volatile i32, i32* %92, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %94 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 14 %95 = load i32, i32* %94, align 32 %96 = icmp eq i32 %95, 0 br i1 %96, label %157, label %97 %98 = load volatile i32, i32* %92, align 4 %99 = zext i32 %98 to i64 %100 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %99 %101 = load i64, i64* %100, align 8 %102 = add i64 %101, ptrtoint (%struct.rq* @runqueues to i64) %103 = inttoptr i64 %102 to %struct.rq* %104 = getelementptr inbounds %struct.rq, %struct.rq* %103, i64 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %104) #69 %105 = load volatile i32, i32* %92, align 4 %106 = zext i32 %105 to i64 %107 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %106 %108 = load i64, i64* %107, align 8 %109 = add i64 %108, ptrtoint (%struct.rq* @runqueues to i64) %110 = inttoptr i64 %109 to %struct.rq* %111 = icmp eq %struct.rq* %103, %110 br i1 %111, label %112, label %114, !prof !15 %113 = load volatile i32, i32* %94, align 4 switch i32 %113, label %155 [ i32 2, label %114 i32 1, label %122 ], !prof !16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !17 %156 = inttoptr i64 %102 to i8* store volatile i8 0, i8* %156, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !18 br label %157 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !22 %158 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 7 %159 = load volatile i32, i32* %158, align 4 %160 = icmp eq i32 %159, 0 br i1 %160, label %164, label %161 tail call void asm sideeffect "rep; nop", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !21 %162 = load volatile i32, i32* %158, align 4 %163 = icmp eq i32 %162, 0 br i1 %163, label %164, label %161 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %165 = load volatile i64, i64* %63, align 16 %166 = and i64 %165, 2 %167 = icmp eq i64 %166, 0 br i1 %167, label %179, label %168 %180 = phi i8 [ 0, %168 ], [ 0, %164 ], [ %178, %173 ] %181 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 43 %182 = load i8, i8* %181, align 4 %183 = and i8 %182, -3 %184 = or i8 %183, %180 store i8 %184, i8* %181, align 4 store volatile i64 512, i64* %63, align 16 %185 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 45 %186 = load i8, i8* %185, align 8 %187 = and i8 %186, 2 %188 = icmp eq i8 %187, 0 br i1 %188, label %210, label %189 %211 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 26 %212 = load i32, i32* %211, align 32 %213 = icmp sgt i32 %212, 1 br i1 %213, label %214, label %222 %223 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %224 = load %struct.cpumask*, %struct.cpumask** %223, align 8 %225 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %224, i64 0, i32 0, i64 0 %226 = tail call i64 @find_first_bit(i64* %225, i64 64) #69 %227 = trunc i64 %226 to i32 br label %228 %229 = phi i32 [ %221, %214 ], [ %227, %222 ] %230 = zext i32 %229 to i64 %231 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 27 %232 = load %struct.cpumask*, %struct.cpumask** %231, align 8 %233 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %232, i64 0, i32 0, i64 0 %234 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %233, i64 %230) #6, !srcloc !8 %235 = and i8 %234, 1 %236 = icmp eq i8 %235, 0 br i1 %236, label %253, label %237, !prof !25 %238 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %0, i64 0, i32 4 %239 = load i32, i32* %238, align 4 %240 = and i32 %239, 2097152 %241 = icmp eq i32 %240, 0 br i1 %241, label %249, label %242 %243 = load i32, i32* %211, align 32 %244 = icmp eq i32 %243, 1 br i1 %244, label %245, label %249 %246 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %230) #6, !srcloc !8 %247 = and i8 %246, 1 %248 = icmp eq i8 %247, 0 br i1 %248, label %253, label %256, !prof !19, !misexpect !20 %254 = load volatile i32, i32* %92, align 4 %255 = tail call fastcc i32 @select_fallback_rq(i32 %254, %struct.task_struct.54204* %0) #69 Function:select_fallback_rq %3 = sext i32 %0 to i64 %4 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %3 %5 = load i64, i64* %4, align 8 %6 = add i64 %5, ptrtoint (i32* @numa_node to i64) %7 = inttoptr i64 %6 to i32* %8 = load i32, i32* %7, align 4 %9 = icmp eq i32 %8, -1 br i1 %9, label %34, label %10 %11 = sext i32 %8 to i64 %12 = getelementptr [64 x [1 x %struct.cpumask]], [64 x [1 x %struct.cpumask]]* @node_to_cpumask_map, i64 0, i64 %11, i64 0 %13 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %12) #69 %14 = load i32, i32* @nr_cpu_ids, align 4 %15 = icmp ult i32 %13, %14 br i1 %15, label %16, label %34 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 br label %18 %19 = phi i32 [ %13, %16 ], [ %25, %24 ] %20 = zext i32 %19 to i64 %21 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_active_mask, i64 0, i32 0, i64 0), i64 %20) #6, !srcloc !4 %22 = and i8 %21, 1 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %28 %29 = load %struct.cpumask*, %struct.cpumask** %17, align 8 %30 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %29, i64 0, i32 0, i64 0 %31 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %30, i64 %20) #6, !srcloc !4 %32 = and i8 %31, 1 %33 = icmp eq i8 %32, 0 br i1 %33, label %24, label %93 %25 = tail call i32 @cpumask_next(i32 %19, %struct.cpumask* %12) #69 %26 = load i32, i32* @nr_cpu_ids, align 4 %27 = icmp ult i32 %25, %26 br i1 %27, label %18, label %34 %35 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 27 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 4 %37 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 26 br label %38 %39 = phi i32 [ 0, %34 ], [ %77, %76 ] br label %40 %41 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %42 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* %41) #69 %43 = load i32, i32* @nr_cpu_ids, align 4 %44 = icmp ult i32 %42, %43 br i1 %44, label %45, label %73 %46 = phi i32 [ %70, %68 ], [ %42, %40 ] %47 = zext i32 %46 to i64 %48 = load %struct.cpumask*, %struct.cpumask** %35, align 8 %49 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %48, i64 0, i32 0, i64 0 %50 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %49, i64 %47) #6, !srcloc !4 %51 = and i8 %50, 1 %52 = icmp eq i8 %51, 0 br i1 %52, label %68, label %53 %54 = load i32, i32* %36, align 4 %55 = and i32 %54, 2097152 %56 = icmp eq i32 %55, 0 br i1 %56, label %64, label %57 %58 = load i32, i32* %37, align 32 %59 = icmp eq i32 %58, 1 br i1 %59, label %60, label %64 %61 = tail call i8 asm sideeffect " btq $2,$1\0A\09/* output condition code c*/\0A", "={@ccc},*m,Ir,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* getelementptr inbounds (%struct.cpumask, %struct.cpumask* @__cpu_online_mask, i64 0, i32 0, i64 0), i64 %47) #6, !srcloc !4 %62 = and i8 %61, 1 %63 = icmp eq i8 %62, 0 br i1 %63, label %68, label %79 %80 = icmp eq i32 %39, 0 br i1 %80, label %93, label %81 %82 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %1, i64 0, i32 33 %83 = load %struct.mm_struct.54212*, %struct.mm_struct.54212** %82, align 8 %84 = icmp eq %struct.mm_struct.54212* %83, null br i1 %84, label %93, label %85 %86 = tail call i32 @__printk_ratelimit(i8* getelementptr inbounds ([19 x i8], [19 x i8]* @__func__.select_fallback_rq, i64 0, i64 0)) #69 ------------- Good: 903 Bad: 26 Ignored: 1149 Check Use of Function:alarmtimer_do_nsleep Check Use of Function:security_task_setscheduler Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i32* %13 = bitcast [1 x %struct.cpumask]* %2 to i8* %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %20 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 %18 = shl i64 %6, 3 %19 = and i64 %18, 4294967288 br label %20 %21 = phi i64 [ %19, %16 ], [ 64, %1 ] %22 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %23 = call i64 @compat_get_bitmap(i64* nonnull %22, i32* %12, i64 %21) #69 %24 = trunc i64 %23 to i32 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %28 %27 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %12 %13 = phi %struct.task_struct.54204* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.54204* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 3 %18 = getelementptr inbounds %union.anon.21, %union.anon.21* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !7 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !8, !misexpect !9 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !10, !misexpect !9 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%union.anon.21* %17, i32 %26) #69 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 67108864 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %102 %33 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %33, i64 0, i32 78 %35 = load %struct.cred*, %struct.cred** %34, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 77 %37 = bitcast %struct.cred** %36 to i64* %38 = load volatile i64, i64* %37, align 8 %39 = inttoptr i64 %38 to %struct.cred* %40 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %41 = load i32, i32* %40, align 4 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 5, i32 0 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %41, %43 br i1 %44, label %45, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %56 %57 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_setscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %12 %13 = phi %struct.task_struct.54204* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.54204* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 3 %18 = getelementptr inbounds %union.anon.21, %union.anon.21* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !7 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !8, !misexpect !9 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !10, !misexpect !9 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%union.anon.21* %17, i32 %26) #69 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 67108864 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %102 %33 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %33, i64 0, i32 78 %35 = load %struct.cred*, %struct.cred** %34, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 77 %37 = bitcast %struct.cred** %36 to i64* %38 = load volatile i64, i64* %37, align 8 %39 = inttoptr i64 %38 to %struct.cred* %40 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %41 = load i32, i32* %40, align 4 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 5, i32 0 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %41, %43 br i1 %44, label %45, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %56 %57 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_setscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 br label %12 %13 = phi %struct.task_struct.54204* [ %9, %8 ], [ %11, %10 ] %14 = icmp eq %struct.task_struct.54204* %13, null br i1 %14, label %15, label %16 %17 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 3 %18 = getelementptr inbounds %union.anon.21, %union.anon.21* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 1, i32* %18) #6, !srcloc !7 %20 = icmp eq i32 %19, 0 br i1 %20, label %25, label %21, !prof !8, !misexpect !9 %22 = add i32 %19, 1 %23 = or i32 %22, %19 %24 = icmp sgt i32 %23, -1 br i1 %24, label %27, label %25, !prof !10, !misexpect !9 %26 = phi i32 [ 2, %16 ], [ 1, %21 ] tail call void @refcount_warn_saturate(%union.anon.21* %17, i32 %26) #69 br label %27 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %28 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 4 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 67108864 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %102 %33 = tail call %struct.task_struct.54204* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.54204** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.54204**)) #10, !srcloc !5 %34 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %33, i64 0, i32 78 %35 = load %struct.cred*, %struct.cred** %34, align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %36 = getelementptr inbounds %struct.task_struct.54204, %struct.task_struct.54204* %13, i64 0, i32 77 %37 = bitcast %struct.cred** %36 to i64* %38 = load volatile i64, i64* %37, align 8 %39 = inttoptr i64 %38 to %struct.cred* %40 = getelementptr inbounds %struct.cred, %struct.cred* %35, i64 0, i32 5, i32 0 %41 = load i32, i32* %40, align 4 %42 = getelementptr inbounds %struct.cred, %struct.cred* %39, i64 0, i32 5, i32 0 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %41, %43 br i1 %44, label %45, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 br label %56 %57 = tail call i32 bitcast (i32 (%struct.task_struct.112690*)* @security_task_setscheduler to i32 (%struct.task_struct.54204*)*)(%struct.task_struct.54204* nonnull %13) #69 ------------- Good: 3 Bad: 3 Ignored: 0 Check Use of Function:take_dentry_name_snapshot Check Use of Function:qdisc_graft Check Use of Function:__nla_parse Check Use of Function:disk_get_part Check Use of Function:security_sb_umount Check Use of Function:inet6_addr_add Check Use of Function:vfat_rmdir Check Use of Function:mmc_ioctl_cdrom_read_data Check Use of Function:ip4_datagram_release_cb Check Use of Function:mmc_ioctl_dvd_read_struct Check Use of Function:security_sem_associate Use: =BAD PATH= Call Stack: 0 ksys_semget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %24 = tail call i64 @ksys_semget(i32 %1, i32 %2, i32 %3) #69 Function:ksys_semget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %6, i64 0, i32 86 %8 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %7, align 16 %9 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %9, align 8 %11 = icmp slt i32 %1, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %10, i64 0, i32 2, i64 0 %14 = load i32, i32* %13, align 8 %15 = icmp slt i32 %14, %1 br i1 %15, label %24, label %16 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2 %20 = bitcast %struct.anon.1* %19 to i32* store i32 %1, i32* %20, align 8 %21 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %10, i64 0, i32 1, i64 0 %22 = call i32 @ipcget(%struct.ipc_namespace.243034* %10, %struct.ipc_ids* %21, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_semget ------------- Path:  Function:__x64_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace.243034* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_semget ------------- Path:  Function:__ia32_sys_semget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 %18 = icmp slt i32 %10, 0 br i1 %18, label %31, label %19 %20 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %17, i64 0, i32 2, i64 0 %21 = load i32, i32* %20, align 8 %22 = icmp slt i32 %21, %10 br i1 %22, label %31, label %23 %24 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %24, align 8 %25 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %25, align 4 %26 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2 %27 = bitcast %struct.anon.1* %26 to i32* store i32 %10, i32* %27, align 8 %28 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %17, i64 0, i32 1, i64 0 %29 = call i32 @ipcget(%struct.ipc_namespace.243034* %17, %struct.ipc_ids* %28, %struct.ipc_ops* nonnull @ksys_semget.sem_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:drm_prime_init_file_private Check Use of Function:__fsnotify_parent Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.134289*, i32)* @inode_permission to i32 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %247 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 %59 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 0 br i1 %58, label %60, label %62 %63 = load i64, i64* %59, align 8 %64 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 1 %65 = load i64, i64* %64, align 8 %66 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %63, i64 %65, %struct.inode.137152* %5) #69 %67 = extractvalue { i64, i64 } %66, 0 %68 = extractvalue { i64, i64 } %66, 1 store i64 %67, i64* %59, align 8 store i64 %68, i64* %64, align 8 br label %69 %70 = and i32 %9, 256 %71 = icmp eq i32 %70, 0 %72 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 0 br i1 %71, label %73, label %75 %76 = load i64, i64* %72, align 8 %77 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 1 %78 = load i64, i64* %77, align 8 %79 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %76, i64 %78, %struct.inode.137152* %5) #69 %80 = extractvalue { i64, i64 } %79, 0 %81 = extractvalue { i64, i64 } %79, 1 store i64 %80, i64* %72, align 8 store i64 %81, i64* %77, align 8 br label %82 %83 = and i32 %9, 16384 %84 = icmp eq i32 %83, 0 br i1 %84, label %94, label %85 %95 = phi i32 [ %36, %82 ], [ %36, %88 ], [ %93, %90 ] %96 = phi i32 [ %9, %82 ], [ %9, %88 ], [ %92, %90 ] %97 = and i32 %96, 6144 %98 = icmp eq i32 %97, 0 %99 = icmp eq i32 %95, 0 %100 = or i1 %98, %99 br i1 %100, label %102, label %101 %103 = and i32 %96, 2048 %104 = icmp eq i32 %103, 0 %105 = and i16 %7, 2048 %106 = icmp eq i16 %105, 0 %107 = or i1 %106, %104 br i1 %107, label %114, label %108 %115 = phi i32 [ %110, %108 ], [ %96, %102 ] %116 = and i32 %115, 4096 %117 = icmp ne i32 %116, 0 %118 = and i16 %7, 1032 %119 = icmp eq i16 %118, 1032 %120 = and i1 %119, %117 br i1 %120, label %121, label %137 %138 = phi i32 [ %134, %132 ], [ %115, %114 ] %139 = load i32, i32* %8, align 8 %140 = and i32 %139, -6145 %141 = icmp eq i32 %140, 0 br i1 %141, label %247, label %142 %143 = and i32 %138, 2 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %146 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %147 = load i32, i32* %146, align 8 %148 = icmp eq i32 %147, -1 br i1 %148, label %247, label %149 %150 = and i32 %138, 4 %151 = icmp eq i32 %150, 0 br i1 %151, label %156, label %152 %153 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %154, -1 br i1 %155, label %247, label %156 br i1 %144, label %157, label %161 %158 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 2, i32 0 %159 = load i32, i32* %158, align 4 %160 = icmp eq i32 %159, -1 br i1 %160, label %247, label %161 br i1 %151, label %162, label %166 %163 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 3, i32 0 %164 = load i32, i32* %163, align 8 %165 = icmp eq i32 %164, -1 br i1 %165, label %247, label %166 %167 = tail call i32 bitcast (i32 (%struct.dentry.112781*, %struct.iattr.112338*)* @security_inode_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %247 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 40 %171 = load %struct.file_lock_context*, %struct.file_lock_context** %170, align 8 %172 = icmp eq %struct.file_lock_context* %171, null br i1 %172, label %190, label %173 %191 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 7 %192 = load %struct.inode_operations.137148*, %struct.inode_operations.137148** %191, align 8 %193 = getelementptr inbounds %struct.inode_operations.137148, %struct.inode_operations.137148* %192, i64 0, i32 13 %194 = bitcast {}** %193 to i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %195 = load i32 (%struct.dentry.137143*, %struct.iattr.137257*)*, i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %194, align 8 %196 = icmp eq i32 (%struct.dentry.137143*, %struct.iattr.137257*)* %195, null br i1 %196, label %199, label %197 %200 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 br label %201 %202 = phi i32 [ %198, %197 ], [ %200, %199 ] %203 = icmp eq i32 %202, 0 br i1 %203, label %204, label %247 %205 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %206 = shl i32 %138, 1 %207 = and i32 %206, 4 %208 = select i1 %151, i32 %207, i32 4 %209 = or i32 %208, 2 %210 = lshr i32 %138, 2 %211 = and i32 %210, 2 %212 = or i32 %208, %211 %213 = and i32 %138, 48 %214 = icmp eq i32 %213, 48 br i1 %214, label %215, label %217 %218 = and i32 %138, 16 %219 = icmp eq i32 %218, 0 br i1 %219, label %222, label %220 %223 = and i32 %138, 32 %224 = icmp eq i32 %223, 0 %225 = select i1 %224, i32 %212, i32 %209 br label %226 %227 = phi i32 [ %216, %215 ], [ %221, %220 ], [ %225, %222 ] %228 = shl i32 %138, 2 %229 = and i32 %228, 4 %230 = or i32 %227, %229 %231 = icmp eq i32 %230, 0 br i1 %231, label %247, label %232 %233 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %205, i64 0, i32 0 %234 = load i16, i16* %233, align 8 %235 = and i16 %234, -4096 %236 = icmp eq i16 %235, 16384 %237 = or i32 %230, 1073741824 %238 = select i1 %236, i32 %237, i32 %230 %239 = icmp eq %struct.dentry.137143* %0, null br i1 %239, label %240, label %242 %241 = load %struct.dentry.137143*, %struct.dentry.137143** inttoptr (i64 8 to %struct.dentry.137143**), align 8 br label %242 %243 = phi %struct.dentry.137143* [ %0, %232 ], [ %241, %240 ] %244 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.136976*, %struct.dentry.137143*, i32)*)(%struct.path.136976* null, %struct.dentry.137143* %243, i32 %238) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 __ia32_sys_pread64 ------------- Path:  Function:__ia32_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_read(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 __x64_sys_pread64 ------------- Path:  Function:__x64_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_read(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 ksys_pread64 4 __ia32_compat_sys_x86_pread ------------- Path:  Function:__ia32_compat_sys_x86_pread %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pread64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pread64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_read(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 kernel_read 4 load_elf_library.16752 ------------- Path:  Function:load_elf_library.16752 %2 = alloca %struct.elf32_hdr, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %2, i64 0, i32 0, i64 0 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @kernel_read to i64 (%struct.file*, i8*, i64, i64*)*)(%struct.file* %0, i8* nonnull %4, i64 52, i64* nonnull %3) #69 Function:kernel_read %5 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %5, i64 0, i32 163, i32 17, i32 0 %7 = load i64, i64* %6, align 8 store i64 -1, i64* %6, align 8 %8 = bitcast %struct.task_struct.96680* %5 to i8* %9 = getelementptr i8, i8* %8, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %9, i8 -128, i8* %9) #6, !srcloc !5 %10 = tail call i64 @vfs_read(%struct.file.96774* %0, i8* %1, i64 %2, i64* %3) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __ia32_sys_pwrite64 ------------- Path:  Function:__ia32_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_write(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __x64_sys_pwrite64 ------------- Path:  Function:__x64_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_write(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 ksys_pwrite64 4 __ia32_compat_sys_x86_pwrite ------------- Path:  Function:__ia32_compat_sys_x86_pwrite %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pwrite64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pwrite64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_write(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %11, label %7 %8 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 10 %10 = tail call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @vfs_write to i64 (%struct.file.250940*, i8*, i64, i64*)*)(%struct.file.250940* nonnull %5, i8* %1, i64 %2, i64* %9) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 __se_sys_splice 3 __ia32_sys_splice ------------- Path:  Function:__ia32_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_splice(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 __se_sys_splice 3 __x64_sys_splice ------------- Path:  Function:__x64_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_splice(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __ia32_sys_fallocate ------------- Path:  Function:__ia32_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = icmp eq i64 %12, 0 br i1 %14, label %23, label %15 %16 = and i64 %9, 4294967295 %17 = and i64 %7, 4294967295 %18 = trunc i64 %5 to i32 %19 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %13, i32 %18, i64 %17, i64 %16) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __x64_sys_fallocate ------------- Path:  Function:__x64_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = icmp eq i64 %12, 0 br i1 %14, label %21, label %15 %16 = trunc i64 %5 to i32 %17 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %13, i32 %16, i64 %7, i64 %9) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 ksys_fallocate 3 __ia32_compat_sys_x86_fallocate ------------- Path:  Function:__ia32_compat_sys_x86_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = shl i64 %10, 32 %19 = or i64 %18, %8 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = tail call i32 @ksys_fallocate(i32 %16, i32 %17, i64 %19, i64 %21) #69 Function:ksys_fallocate %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.43183* %8 = icmp eq i64 %6, 0 br i1 %8, label %14, label %9 %10 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %7, i32 %1, i64 %2, i64 %3) #70 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 ioctl_preallocate 3 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %20 = inttoptr i64 %8 to %struct.space_resv_32* %21 = tail call i8* @compat_alloc_user_space(i64 48) #69 %22 = ptrtoint i8* %21 to i64 %23 = tail call %struct.task_struct.659* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.659** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.659**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.659, %struct.task_struct.659* %23, i64 0, i32 163, i32 17, i32 0 %25 = load i64, i64* %24, align 8 %26 = add i64 %25, -2 %27 = icmp ult i64 %26, %22 %28 = icmp ult i64 %26, %8 %29 = or i1 %27, %28 br i1 %29, label %895, label %30, !prof !5, !misexpect !6 %31 = inttoptr i64 %8 to i8* %33 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %21, i8* %31, i32 2, i64 %32) #6, !srcloc !7 %34 = extractvalue { i32, i8*, i8*, i32, i64 } %33, 0 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %33, 4 %36 = icmp eq i32 %34, 0 br i1 %36, label %37, label %895 %38 = getelementptr inbounds i8, i8* %21, i64 2 %39 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 1 %40 = ptrtoint i8* %38 to i64 %41 = load i64, i64* %24, align 8 %42 = add i64 %41, -2 %43 = icmp ult i64 %42, %40 %44 = ptrtoint i16* %39 to i64 %45 = icmp ult i64 %42, %44 %46 = or i1 %43, %45 br i1 %46, label %895, label %47, !prof !5, !misexpect !6 %48 = bitcast i16* %39 to i8* %50 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %38, i8* %48, i32 2, i64 %49) #6, !srcloc !7 %51 = extractvalue { i32, i8*, i8*, i32, i64 } %50, 0 %52 = extractvalue { i32, i8*, i8*, i32, i64 } %50, 4 %53 = icmp eq i32 %51, 0 br i1 %53, label %54, label %895 %55 = getelementptr inbounds i8, i8* %21, i64 8 %56 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 2 %57 = ptrtoint i8* %55 to i64 %58 = load i64, i64* %24, align 8 %59 = add i64 %58, -8 %60 = icmp ult i64 %59, %57 %61 = ptrtoint i64* %56 to i64 %62 = icmp ult i64 %59, %61 %63 = or i1 %60, %62 br i1 %63, label %895, label %64, !prof !5, !misexpect !6 %65 = bitcast i64* %56 to i8* %67 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %55, i8* %65, i32 8, i64 %66) #6, !srcloc !7 %68 = extractvalue { i32, i8*, i8*, i32, i64 } %67, 0 %69 = extractvalue { i32, i8*, i8*, i32, i64 } %67, 4 %70 = icmp eq i32 %68, 0 br i1 %70, label %71, label %895 %72 = getelementptr inbounds i8, i8* %21, i64 16 %73 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 3 %74 = ptrtoint i8* %72 to i64 %75 = load i64, i64* %24, align 8 %76 = add i64 %75, -8 %77 = icmp ult i64 %76, %74 %78 = ptrtoint i64* %73 to i64 %79 = icmp ult i64 %76, %78 %80 = or i1 %77, %79 br i1 %80, label %895, label %81, !prof !5, !misexpect !6 %82 = bitcast i64* %73 to i8* %84 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %72, i8* %82, i32 8, i64 %83) #6, !srcloc !7 %85 = extractvalue { i32, i8*, i8*, i32, i64 } %84, 0 %86 = extractvalue { i32, i8*, i8*, i32, i64 } %84, 4 %87 = icmp eq i32 %85, 0 br i1 %87, label %88, label %895 %89 = getelementptr inbounds i8, i8* %21, i64 24 %90 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 4 %91 = ptrtoint i8* %89 to i64 %92 = load i64, i64* %24, align 8 %93 = add i64 %92, -4 %94 = icmp ult i64 %93, %91 %95 = ptrtoint i32* %90 to i64 %96 = icmp ult i64 %93, %95 %97 = or i1 %94, %96 br i1 %97, label %895, label %98, !prof !5, !misexpect !6 %99 = bitcast i32* %90 to i8* %101 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %89, i8* %99, i32 4, i64 %100) #6, !srcloc !7 %102 = extractvalue { i32, i8*, i8*, i32, i64 } %101, 0 %103 = extractvalue { i32, i8*, i8*, i32, i64 } %101, 4 %104 = icmp eq i32 %102, 0 br i1 %104, label %105, label %895 %106 = getelementptr inbounds i8, i8* %21, i64 28 %107 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 5 %108 = ptrtoint i8* %106 to i64 %109 = load i64, i64* %24, align 8 %110 = add i64 %109, -4 %111 = icmp ult i64 %110, %108 %112 = ptrtoint i32* %107 to i64 %113 = icmp ult i64 %110, %112 %114 = or i1 %111, %113 br i1 %114, label %895, label %115, !prof !5, !misexpect !6 %116 = bitcast i32* %107 to i8* %118 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %106, i8* %116, i32 4, i64 %117) #6, !srcloc !7 %119 = extractvalue { i32, i8*, i8*, i32, i64 } %118, 0 %120 = extractvalue { i32, i8*, i8*, i32, i64 } %118, 4 %121 = icmp eq i32 %119, 0 br i1 %121, label %122, label %895 %123 = getelementptr inbounds i8, i8* %21, i64 32 %124 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 6 %125 = ptrtoint i8* %123 to i64 %126 = load i64, i64* %24, align 8 %127 = add i64 %126, -16 %128 = icmp ult i64 %127, %125 %129 = ptrtoint [4 x i32]* %124 to i64 %130 = icmp ult i64 %127, %129 %131 = or i1 %128, %130 br i1 %131, label %895, label %132, !prof !5, !misexpect !6 %133 = bitcast [4 x i32]* %124 to i8* %135 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %123, i8* %133, i32 16, i64 %134) #6, !srcloc !7 %136 = extractvalue { i32, i8*, i8*, i32, i64 } %135, 0 %137 = extractvalue { i32, i8*, i8*, i32, i64 } %135, 4 %138 = icmp eq i32 %136, 0 br i1 %138, label %139, label %895 %140 = tail call i32 bitcast (i32 (%struct.file.134820*, i8*)* @ioctl_preallocate to i32 (%struct.file.723*, i8*)*)(%struct.file.723* nonnull %13, i8* %21) #69 Function:ioctl_preallocate %3 = alloca %struct.space_resv, align 8 %4 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %5 = load %struct.inode.135044*, %struct.inode.135044** %4, align 8 %6 = bitcast %struct.space_resv* %3 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 48) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 1 %11 = load i16, i16* %10, align 2 %12 = sext i16 %11 to i32 switch i32 %12, label %33 [ i32 0, label %13 i32 1, label %16 i32 2, label %22 ] %14 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 2 %15 = load i64, i64* %14, align 8 br label %28 %29 = phi i64 [ %15, %13 ], [ %27, %22 ], [ %21, %16 ] %30 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 3 %31 = load i64, i64* %30, align 8 %32 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.134820*, i32, i64, i64)*)(%struct.file.134820* %0, i32 1, i64 %29, i64 %31) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %89 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %90 = load i64, i64* %89, align 8 %91 = and i64 %90, 8192 %92 = icmp eq i64 %91, 0 br i1 %92, label %93, label %435 %94 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %95 = load %struct.file.125060*, %struct.file.125060** %94, align 8 %96 = icmp eq %struct.file.125060* %95, null br i1 %96, label %435, label %97 %98 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 19 %99 = load %struct.address_space.125290*, %struct.address_space.125290** %98, align 8 %100 = icmp eq %struct.address_space.125290* %99, null br i1 %100, label %435, label %101 %102 = getelementptr inbounds %struct.address_space.125290, %struct.address_space.125290* %99, i64 0, i32 0 %103 = load %struct.inode.125284*, %struct.inode.125284** %102, align 8 %104 = icmp eq %struct.inode.125284* %103, null br i1 %104, label %435, label %105 %106 = and i64 %90, 10 %107 = icmp eq i64 %106, 10 br i1 %107, label %108, label %435 %109 = load i64, i64* %76, align 8 %110 = sub i64 %83, %109 %111 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %112 = load i64, i64* %111, align 8 %113 = shl i64 %112, 12 %114 = add i64 %110, %113 %115 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64* %115) #6, !srcloc !5 %116 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %117 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %116, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %117) #69 %118 = sub i64 %87, %83 %119 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.125060*, i32, i64, i64)*)(%struct.file.125060* nonnull %95, i32 3, i64 %114, i64 %118) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %89 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %90 = load i64, i64* %89, align 8 %91 = and i64 %90, 8192 %92 = icmp eq i64 %91, 0 br i1 %92, label %93, label %435 %94 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %95 = load %struct.file.125060*, %struct.file.125060** %94, align 8 %96 = icmp eq %struct.file.125060* %95, null br i1 %96, label %435, label %97 %98 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 19 %99 = load %struct.address_space.125290*, %struct.address_space.125290** %98, align 8 %100 = icmp eq %struct.address_space.125290* %99, null br i1 %100, label %435, label %101 %102 = getelementptr inbounds %struct.address_space.125290, %struct.address_space.125290* %99, i64 0, i32 0 %103 = load %struct.inode.125284*, %struct.inode.125284** %102, align 8 %104 = icmp eq %struct.inode.125284* %103, null br i1 %104, label %435, label %105 %106 = and i64 %90, 10 %107 = icmp eq i64 %106, 10 br i1 %107, label %108, label %435 %109 = load i64, i64* %76, align 8 %110 = sub i64 %83, %109 %111 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %112 = load i64, i64* %111, align 8 %113 = shl i64 %112, 12 %114 = add i64 %110, %113 %115 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64* %115) #6, !srcloc !5 %116 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %117 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %116, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %117) #69 %118 = sub i64 %87, %83 %119 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.125060*, i32, i64, i64)*)(%struct.file.125060* nonnull %95, i32 3, i64 %114, i64 %118) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %32 = load i32, i32* %31, align 8 %33 = and i32 %32, 32 %34 = icmp eq i32 %33, 0 br i1 %34, label %47, label %35 %36 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %37 = load %struct.dentry.112781*, %struct.dentry.112781** %36, align 8 %38 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %37, i32 262144) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 __ia32_sys_pread64 ------------- Path:  Function:__ia32_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_read(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 __x64_sys_pread64 ------------- Path:  Function:__x64_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_read(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 ksys_pread64 4 __ia32_compat_sys_x86_pread ------------- Path:  Function:__ia32_compat_sys_x86_pread %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pread64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pread64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_read(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_read 3 kernel_read 4 load_elf_library.16752 ------------- Path:  Function:load_elf_library.16752 %2 = alloca %struct.elf32_hdr, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %2, i64 0, i32 0, i64 0 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @kernel_read to i64 (%struct.file*, i8*, i64, i64*)*)(%struct.file* %0, i8* nonnull %4, i64 52, i64* nonnull %3) #69 Function:kernel_read %5 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %5, i64 0, i32 163, i32 17, i32 0 %7 = load i64, i64* %6, align 8 store i64 -1, i64* %6, align 8 %8 = bitcast %struct.task_struct.96680* %5 to i8* %9 = getelementptr i8, i8* %8, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %9, i8 -128, i8* %9) #6, !srcloc !5 %10 = tail call i64 @vfs_read(%struct.file.96774* %0, i8* %1, i64 %2, i64* %3) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __ia32_sys_pwrite64 ------------- Path:  Function:__ia32_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_write(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 __x64_sys_pwrite64 ------------- Path:  Function:__x64_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_write(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 ksys_pwrite64 4 __ia32_compat_sys_x86_pwrite ------------- Path:  Function:__ia32_compat_sys_x86_pwrite %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pwrite64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pwrite64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_write(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 vfs_write 3 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %11, label %7 %8 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 10 %10 = tail call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @vfs_write to i64 (%struct.file.250940*, i8*, i64, i64*)*)(%struct.file.250940* nonnull %5, i8* %1, i64 %2, i64* %9) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 __se_sys_splice 3 __ia32_sys_splice ------------- Path:  Function:__ia32_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_splice(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 rw_verify_area 2 __se_sys_splice 3 __x64_sys_splice ------------- Path:  Function:__x64_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_splice(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 Function:rw_verify_area %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 2 %6 = load %struct.inode.96765*, %struct.inode.96765** %5, align 8 %7 = icmp sgt i64 %3, -1 br i1 %7, label %8, label %56, !prof !4, !misexpect !5 %9 = icmp eq i64* %2, null br i1 %9, label %52, label %10 %11 = load i64, i64* %2, align 8 %12 = icmp sgt i64 %11, -1 br i1 %12, label %21, label %13, !prof !4, !misexpect !5 %22 = add nuw i64 %11, %3 %23 = icmp sgt i64 %22, -1 br i1 %23, label %29, label %24, !prof !4, !misexpect !5 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %1, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 8192 %28 = icmp eq i32 %27, 0 br i1 %28, label %56, label %29 %30 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 40 %31 = load %struct.file_lock_context*, %struct.file_lock_context** %30, align 8 %32 = icmp eq %struct.file_lock_context* %31, null br i1 %32, label %52, label %33 %34 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 8 %35 = load %struct.super_block.96752*, %struct.super_block.96752** %34, align 8 %36 = getelementptr inbounds %struct.super_block.96752, %struct.super_block.96752* %35, i64 0, i32 10 %37 = load i64, i64* %36, align 16 %38 = and i64 %37, 64 %39 = icmp eq i64 %38, 0 br i1 %39, label %52, label %40 %41 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %6, i64 0, i32 0 %42 = load i16, i16* %41, align 8 %43 = and i16 %42, 1032 %44 = icmp eq i16 %43, 1024 br i1 %44, label %45, label %52, !prof !6, !misexpect !5 %53 = icmp eq i32 %0, 0 %54 = select i1 %53, i32 4, i32 2 %55 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.96774*, i32)*)(%struct.file.96774* %1, i32 %54) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __ia32_sys_fallocate ------------- Path:  Function:__ia32_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = icmp eq i64 %12, 0 br i1 %14, label %23, label %15 %16 = and i64 %9, 4294967295 %17 = and i64 %7, 4294967295 %18 = trunc i64 %5 to i32 %19 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %13, i32 %18, i64 %17, i64 %16) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __x64_sys_fallocate ------------- Path:  Function:__x64_sys_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call i64 @__fdget(i32 %10) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = icmp eq i64 %12, 0 br i1 %14, label %21, label %15 %16 = trunc i64 %5 to i32 %17 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %13, i32 %16, i64 %7, i64 %9) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 ksys_fallocate 3 __ia32_compat_sys_x86_fallocate ------------- Path:  Function:__ia32_compat_sys_x86_fallocate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %15 = load i64, i64* %14, align 8 %16 = trunc i64 %3 to i32 %17 = trunc i64 %5 to i32 %18 = shl i64 %10, 32 %19 = or i64 %18, %8 %20 = shl i64 %15, 32 %21 = or i64 %20, %13 %22 = tail call i32 @ksys_fallocate(i32 %16, i32 %17, i64 %19, i64 %21) #69 Function:ksys_fallocate %5 = tail call i64 @__fdget(i32 %0) #69 %6 = and i64 %5, -4 %7 = inttoptr i64 %6 to %struct.file.43183* %8 = icmp eq i64 %6, 0 br i1 %8, label %14, label %9 %10 = tail call i32 @vfs_fallocate(%struct.file.43183* nonnull %7, i32 %1, i64 %2, i64 %3) #70 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 ioctl_preallocate 3 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %20 = inttoptr i64 %8 to %struct.space_resv_32* %21 = tail call i8* @compat_alloc_user_space(i64 48) #69 %22 = ptrtoint i8* %21 to i64 %23 = tail call %struct.task_struct.659* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.659** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.659**)) #10, !srcloc !4 %24 = getelementptr inbounds %struct.task_struct.659, %struct.task_struct.659* %23, i64 0, i32 163, i32 17, i32 0 %25 = load i64, i64* %24, align 8 %26 = add i64 %25, -2 %27 = icmp ult i64 %26, %22 %28 = icmp ult i64 %26, %8 %29 = or i1 %27, %28 br i1 %29, label %895, label %30, !prof !5, !misexpect !6 %31 = inttoptr i64 %8 to i8* %33 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %21, i8* %31, i32 2, i64 %32) #6, !srcloc !7 %34 = extractvalue { i32, i8*, i8*, i32, i64 } %33, 0 %35 = extractvalue { i32, i8*, i8*, i32, i64 } %33, 4 %36 = icmp eq i32 %34, 0 br i1 %36, label %37, label %895 %38 = getelementptr inbounds i8, i8* %21, i64 2 %39 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 1 %40 = ptrtoint i8* %38 to i64 %41 = load i64, i64* %24, align 8 %42 = add i64 %41, -2 %43 = icmp ult i64 %42, %40 %44 = ptrtoint i16* %39 to i64 %45 = icmp ult i64 %42, %44 %46 = or i1 %43, %45 br i1 %46, label %895, label %47, !prof !5, !misexpect !6 %48 = bitcast i16* %39 to i8* %50 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %38, i8* %48, i32 2, i64 %49) #6, !srcloc !7 %51 = extractvalue { i32, i8*, i8*, i32, i64 } %50, 0 %52 = extractvalue { i32, i8*, i8*, i32, i64 } %50, 4 %53 = icmp eq i32 %51, 0 br i1 %53, label %54, label %895 %55 = getelementptr inbounds i8, i8* %21, i64 8 %56 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 2 %57 = ptrtoint i8* %55 to i64 %58 = load i64, i64* %24, align 8 %59 = add i64 %58, -8 %60 = icmp ult i64 %59, %57 %61 = ptrtoint i64* %56 to i64 %62 = icmp ult i64 %59, %61 %63 = or i1 %60, %62 br i1 %63, label %895, label %64, !prof !5, !misexpect !6 %65 = bitcast i64* %56 to i8* %67 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %55, i8* %65, i32 8, i64 %66) #6, !srcloc !7 %68 = extractvalue { i32, i8*, i8*, i32, i64 } %67, 0 %69 = extractvalue { i32, i8*, i8*, i32, i64 } %67, 4 %70 = icmp eq i32 %68, 0 br i1 %70, label %71, label %895 %72 = getelementptr inbounds i8, i8* %21, i64 16 %73 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 3 %74 = ptrtoint i8* %72 to i64 %75 = load i64, i64* %24, align 8 %76 = add i64 %75, -8 %77 = icmp ult i64 %76, %74 %78 = ptrtoint i64* %73 to i64 %79 = icmp ult i64 %76, %78 %80 = or i1 %77, %79 br i1 %80, label %895, label %81, !prof !5, !misexpect !6 %82 = bitcast i64* %73 to i8* %84 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %72, i8* %82, i32 8, i64 %83) #6, !srcloc !7 %85 = extractvalue { i32, i8*, i8*, i32, i64 } %84, 0 %86 = extractvalue { i32, i8*, i8*, i32, i64 } %84, 4 %87 = icmp eq i32 %85, 0 br i1 %87, label %88, label %895 %89 = getelementptr inbounds i8, i8* %21, i64 24 %90 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 4 %91 = ptrtoint i8* %89 to i64 %92 = load i64, i64* %24, align 8 %93 = add i64 %92, -4 %94 = icmp ult i64 %93, %91 %95 = ptrtoint i32* %90 to i64 %96 = icmp ult i64 %93, %95 %97 = or i1 %94, %96 br i1 %97, label %895, label %98, !prof !5, !misexpect !6 %99 = bitcast i32* %90 to i8* %101 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %89, i8* %99, i32 4, i64 %100) #6, !srcloc !7 %102 = extractvalue { i32, i8*, i8*, i32, i64 } %101, 0 %103 = extractvalue { i32, i8*, i8*, i32, i64 } %101, 4 %104 = icmp eq i32 %102, 0 br i1 %104, label %105, label %895 %106 = getelementptr inbounds i8, i8* %21, i64 28 %107 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 5 %108 = ptrtoint i8* %106 to i64 %109 = load i64, i64* %24, align 8 %110 = add i64 %109, -4 %111 = icmp ult i64 %110, %108 %112 = ptrtoint i32* %107 to i64 %113 = icmp ult i64 %110, %112 %114 = or i1 %111, %113 br i1 %114, label %895, label %115, !prof !5, !misexpect !6 %116 = bitcast i32* %107 to i8* %118 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %106, i8* %116, i32 4, i64 %117) #6, !srcloc !7 %119 = extractvalue { i32, i8*, i8*, i32, i64 } %118, 0 %120 = extractvalue { i32, i8*, i8*, i32, i64 } %118, 4 %121 = icmp eq i32 %119, 0 br i1 %121, label %122, label %895 %123 = getelementptr inbounds i8, i8* %21, i64 32 %124 = getelementptr inbounds %struct.space_resv_32, %struct.space_resv_32* %20, i64 0, i32 6 %125 = ptrtoint i8* %123 to i64 %126 = load i64, i64* %24, align 8 %127 = add i64 %126, -16 %128 = icmp ult i64 %127, %125 %129 = ptrtoint [4 x i32]* %124 to i64 %130 = icmp ult i64 %127, %129 %131 = or i1 %128, %130 br i1 %131, label %895, label %132, !prof !5, !misexpect !6 %133 = bitcast [4 x i32]* %124 to i8* %135 = tail call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %123, i8* %133, i32 16, i64 %134) #6, !srcloc !7 %136 = extractvalue { i32, i8*, i8*, i32, i64 } %135, 0 %137 = extractvalue { i32, i8*, i8*, i32, i64 } %135, 4 %138 = icmp eq i32 %136, 0 br i1 %138, label %139, label %895 %140 = tail call i32 bitcast (i32 (%struct.file.134820*, i8*)* @ioctl_preallocate to i32 (%struct.file.723*, i8*)*)(%struct.file.723* nonnull %13, i8* %21) #69 Function:ioctl_preallocate %3 = alloca %struct.space_resv, align 8 %4 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %5 = load %struct.inode.135044*, %struct.inode.135044** %4, align 8 %6 = bitcast %struct.space_resv* %3 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %6, i8* %1, i64 48) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 1 %11 = load i16, i16* %10, align 2 %12 = sext i16 %11 to i32 switch i32 %12, label %33 [ i32 0, label %13 i32 1, label %16 i32 2, label %22 ] %14 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 2 %15 = load i64, i64* %14, align 8 br label %28 %29 = phi i64 [ %15, %13 ], [ %27, %22 ], [ %21, %16 ] %30 = getelementptr inbounds %struct.space_resv, %struct.space_resv* %3, i64 0, i32 3 %31 = load i64, i64* %30, align 8 %32 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.134820*, i32, i64, i64)*)(%struct.file.134820* %0, i32 1, i64 %29, i64 %31) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %89 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %90 = load i64, i64* %89, align 8 %91 = and i64 %90, 8192 %92 = icmp eq i64 %91, 0 br i1 %92, label %93, label %435 %94 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %95 = load %struct.file.125060*, %struct.file.125060** %94, align 8 %96 = icmp eq %struct.file.125060* %95, null br i1 %96, label %435, label %97 %98 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 19 %99 = load %struct.address_space.125290*, %struct.address_space.125290** %98, align 8 %100 = icmp eq %struct.address_space.125290* %99, null br i1 %100, label %435, label %101 %102 = getelementptr inbounds %struct.address_space.125290, %struct.address_space.125290* %99, i64 0, i32 0 %103 = load %struct.inode.125284*, %struct.inode.125284** %102, align 8 %104 = icmp eq %struct.inode.125284* %103, null br i1 %104, label %435, label %105 %106 = and i64 %90, 10 %107 = icmp eq i64 %106, 10 br i1 %107, label %108, label %435 %109 = load i64, i64* %76, align 8 %110 = sub i64 %83, %109 %111 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %112 = load i64, i64* %111, align 8 %113 = shl i64 %112, 12 %114 = add i64 %110, %113 %115 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64* %115) #6, !srcloc !5 %116 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %117 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %116, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %117) #69 %118 = sub i64 %87, %83 %119 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.125060*, i32, i64, i64)*)(%struct.file.125060* nonnull %95, i32 3, i64 %114, i64 %118) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Use: =BAD PATH= Call Stack: 0 security_file_permission 1 vfs_fallocate 2 __se_sys_madvise 3 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] store %struct.vm_area_struct.125300* null, %struct.vm_area_struct.125300** %10, align 8 %89 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %90 = load i64, i64* %89, align 8 %91 = and i64 %90, 8192 %92 = icmp eq i64 %91, 0 br i1 %92, label %93, label %435 %94 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %95 = load %struct.file.125060*, %struct.file.125060** %94, align 8 %96 = icmp eq %struct.file.125060* %95, null br i1 %96, label %435, label %97 %98 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 19 %99 = load %struct.address_space.125290*, %struct.address_space.125290** %98, align 8 %100 = icmp eq %struct.address_space.125290* %99, null br i1 %100, label %435, label %101 %102 = getelementptr inbounds %struct.address_space.125290, %struct.address_space.125290* %99, i64 0, i32 0 %103 = load %struct.inode.125284*, %struct.inode.125284** %102, align 8 %104 = icmp eq %struct.inode.125284* %103, null br i1 %104, label %435, label %105 %106 = and i64 %90, 10 %107 = icmp eq i64 %106, 10 br i1 %107, label %108, label %435 %109 = load i64, i64* %76, align 8 %110 = sub i64 %83, %109 %111 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 13 %112 = load i64, i64* %111, align 8 %113 = shl i64 %112, 12 %114 = add i64 %110, %113 %115 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %95, i64 0, i32 6, i32 0 call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %115, i64* %115) #6, !srcloc !5 %116 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %117 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %116, i64 0, i32 0, i32 17 call void @up_read(%struct.rw_semaphore* %117) #69 %118 = sub i64 %87, %83 %119 = call i32 bitcast (i32 (%struct.file.43183*, i32, i64, i64)* @vfs_fallocate to i32 (%struct.file.125060*, i32, i64, i64)*)(%struct.file.125060* nonnull %95, i32 3, i64 %114, i64 %118) #69 Function:vfs_fallocate %5 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 2 %6 = load %struct.inode.43174*, %struct.inode.43174** %5, align 8 %7 = icmp slt i64 %2, 0 %8 = icmp slt i64 %3, 1 %9 = or i1 %7, %8 br i1 %9, label %126, label %10 %11 = and i32 %1, -124 %12 = icmp ne i32 %11, 0 %13 = and i32 %1, 18 %14 = icmp eq i32 %13, 18 %15 = or i1 %12, %14 %16 = and i32 %1, 3 %17 = icmp eq i32 %16, 2 %18 = or i1 %17, %15 br i1 %18, label %126, label %19 %20 = and i32 %1, 8 %21 = icmp eq i32 %20, 0 %22 = and i32 %1, -9 %23 = icmp eq i32 %22, 0 %24 = or i1 %21, %23 br i1 %24, label %25, label %126 %26 = and i32 %1, 32 %27 = icmp eq i32 %26, 0 %28 = and i32 %1, -33 %29 = icmp eq i32 %28, 0 %30 = or i1 %27, %29 br i1 %30, label %31, label %126 %32 = and i32 %1, 64 %33 = icmp eq i32 %32, 0 %34 = and i32 %1, -66 %35 = icmp eq i32 %34, 0 %36 = or i1 %33, %35 br i1 %36, label %37, label %126 %38 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %0, i64 0, i32 8 %39 = load i32, i32* %38, align 4 %40 = and i32 %39, 2 %41 = icmp eq i32 %40, 0 br i1 %41, label %126, label %42 %43 = icmp ult i32 %1, 2 %44 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %6, i64 0, i32 4 %45 = load i32, i32* %44, align 4 %46 = and i32 %45, 4 %47 = icmp eq i32 %46, 0 %48 = or i1 %43, %47 %49 = and i32 %45, 8 %50 = icmp eq i32 %49, 0 %51 = and i1 %48, %50 br i1 %51, label %52, label %126 %53 = and i32 %45, 256 %54 = icmp eq i32 %53, 0 br i1 %54, label %55, label %126 %56 = tail call i32 bitcast (i32 (%struct.file.112786*, i32)* @security_file_permission to i32 (%struct.file.43183*, i32)*)(%struct.file.43183* %0, i32 2) #69 Function:security_file_permission %3 = load %struct.security_hook_list*, %struct.security_hook_list** bitcast (%struct.hlist_node** getelementptr inbounds (%struct.security_hook_heads, %struct.security_hook_heads* @security_hook_heads, i64 0, i32 68, i32 0) to %struct.security_hook_list**), align 8 %4 = icmp eq %struct.security_hook_list* %3, null br i1 %4, label %16, label %5 %6 = phi %struct.security_hook_list* [ %14, %12 ], [ %3, %2 ] %7 = getelementptr inbounds %struct.security_hook_list, %struct.security_hook_list* %6, i64 0, i32 2 %8 = bitcast %union.security_list_options* %7 to i32 (%struct.file.112786*, i32)** %9 = load i32 (%struct.file.112786*, i32)*, i32 (%struct.file.112786*, i32)** %8, align 8 %10 = tail call i32 %9(%struct.file.112786* %0, i32 %1) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %62 %13 = bitcast %struct.security_hook_list* %6 to %struct.security_hook_list** %14 = load %struct.security_hook_list*, %struct.security_hook_list** %13, align 8 %15 = icmp eq %struct.security_hook_list* %14, null br i1 %15, label %16, label %5 %17 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 %18 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %19 = load %struct.inode.112777*, %struct.inode.112777** %18, align 8 %20 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 67108864 %23 = icmp ne i32 %22, 0 %24 = and i32 %1, 36 %25 = icmp eq i32 %24, 0 %26 = or i1 %25, %23 br i1 %26, label %62, label %27 %28 = and i32 %1, 32 %29 = icmp eq i32 %28, 0 br i1 %29, label %44, label %30 %45 = shl i32 %1, 15 %46 = and i32 %45, 131072 br label %47 %48 = phi i32 [ 65536, %40 ], [ 65536, %30 ], [ %46, %44 ] %49 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %19, i64 0, i32 0 %50 = load i16, i16* %49, align 8 %51 = and i16 %50, -4096 %52 = icmp eq i16 %51, 16384 %53 = or i32 %48, 1073741824 %54 = select i1 %52, i32 %53, i32 %48 %55 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1, i32 1 %56 = load %struct.dentry.112781*, %struct.dentry.112781** %55, align 8 %57 = tail call i32 bitcast (i32 (%struct.path.146553*, %struct.dentry.146825*, i32)* @__fsnotify_parent to i32 (%struct.path.112783*, %struct.dentry.112781*, i32)*)(%struct.path.112783* %17, %struct.dentry.112781* %56, i32 %54) #69 ------------- Good: 191 Bad: 33 Ignored: 288 Check Use of Function:vfs_rename Check Use of Function:jbd2_complete_transaction Check Use of Function:dev_change_tx_queue_len Check Use of Function:get_net_ns_by_id Check Use of Function:generic_file_read_iter Use: =BAD PATH= Call Stack: 0 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 ------------- Good: 1 Bad: 1 Ignored: 2 Check Use of Function:blk_queue_max_discard_sectors Check Use of Function:dec_usb_memory_use_count Check Use of Function:mmc_ioctl_cdrom_next_writable Check Use of Function:dev_change_net_namespace Check Use of Function:ipv6_chk_prefix Check Use of Function:audit_inode_permission Check Use of Function:mq_find Check Use of Function:xt_find_revision Check Use of Function:msdos_lookup Check Use of Function:netlink_broadcast Check Use of Function:proc_lookupfd Check Use of Function:sr_select_speed Check Use of Function:xt_compat_add_offset Check Use of Function:xt_compat_target_offset Check Use of Function:xt_request_find_match Check Use of Function:nfs_umount_begin Check Use of Function:pci_user_read_config_word Check Use of Function:kernel_kexec Check Use of Function:do_sys_ftruncate Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ftruncate ------------- Path:  Function:__ia32_compat_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_ftruncate ------------- Path:  Function:__ia32_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_ftruncate ------------- Path:  Function:__x64_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 @do_sys_ftruncate(i32 %6, i64 %5, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_x86_ftruncate64 ------------- Path:  Function:__ia32_compat_sys_x86_ftruncate64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = shl i64 %8, 32 %11 = or i64 %10, %6 %12 = tail call i64 @do_sys_ftruncate(i32 %9, i64 %11, i32 1) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:ext4_lookup Check Use of Function:mmc_ioctl_cdrom_last_written Check Use of Function:vfs_parse_fs_string Check Use of Function:perf_event_set_output Check Use of Function:compat_table_info.62900 Check Use of Function:xt_compat_unlock Check Use of Function:dm_pr_register Check Use of Function:pin_kill Check Use of Function:wake_q_add Check Use of Function:fc_drop_locked Check Use of Function:map_files_d_revalidate Check Use of Function:do_truncate Check Use of Function:xfrm_user_policy Check Use of Function:serial8250_release_port Check Use of Function:blk_rq_map_user Check Use of Function:mmc_ioctl_cdrom_play_blk Check Use of Function:ipc_update_perm Check Use of Function:send_sig_info Check Use of Function:xt_compat_match_to_user Check Use of Function:perf_uprobe_init Check Use of Function:filename_lookup Check Use of Function:xt_table_unlock Check Use of Function:mmc_ioctl_cdrom_subchannel Check Use of Function:kernel_power_off Check Use of Function:xt_compat_match_offset Check Use of Function:netlink_rcv_skb Use: =BAD PATH= Call Stack: 0 uevent_net_rcv ------------- Path:  Function:uevent_net_rcv %2 = tail call i32 @netlink_rcv_skb(%struct.sk_buff.245212* %0, i32 (%struct.sk_buff.245212*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @uevent_net_rcv_skb) #69 ------------- Use: =BAD PATH= Call Stack: 0 rtnetlink_rcv ------------- Path:  Function:rtnetlink_rcv %2 = tail call i32 bitcast (i32 (%struct.sk_buff.245212*, i32 (%struct.sk_buff.245212*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)* @netlink_rcv_skb to i32 (%struct.sk_buff.657325*, i32 (%struct.sk_buff.657325*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)*)*)(%struct.sk_buff.657325* %0, i32 (%struct.sk_buff.657325*, %struct.nlmsghdr*, %struct.netlink_ext_ack*)* nonnull @rtnetlink_rcv_msg) #69 ------------- Good: 4 Bad: 2 Ignored: 0 Check Use of Function:xs_tcp_set_socket_timeouts Check Use of Function:path_lookupat Check Use of Function:posix_acl_xattr_get Check Use of Function:d_exchange Check Use of Function:xt_match_to_user Check Use of Function:reconfigure_super Check Use of Function:check_for_audio_disc Check Use of Function:security_inode_setxattr Check Use of Function:local_bh_enable.62629 Check Use of Function:dev_set_group Check Use of Function:blk_execute_rq Check Use of Function:security_context_to_sid_force Check Use of Function:shmem_unlink Use: =BAD PATH= Call Stack: 0 shmem_rmdir ------------- Path:  Function:shmem_rmdir %3 = tail call i32 bitcast (i32 (%struct.dentry.139777*)* @simple_empty to i32 (%struct.dentry.112781*)*)(%struct.dentry.112781* %1) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %9, label %5 %6 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %1, i64 0, i32 5 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 tail call void bitcast (void (%struct.inode.136922*)* @drop_nlink to void (%struct.inode.112777*)*)(%struct.inode.112777* %7) #69 tail call void bitcast (void (%struct.inode.136922*)* @drop_nlink to void (%struct.inode.112777*)*)(%struct.inode.112777* %0) #69 %8 = tail call i32 @shmem_unlink(%struct.inode.112777* %0, %struct.dentry.112781* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 shmem_rename2 ------------- Path:  Function:shmem_rename2 %6 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %1, i64 0, i32 5 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 %8 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %7, i64 0, i32 0 %9 = load i16, i16* %8, align 8 %10 = and i16 %9, -4096 %11 = icmp eq i16 %10, 16384 %12 = icmp ult i32 %4, 8 br i1 %12, label %13, label %100 %14 = and i32 %4, 2 %15 = icmp eq i32 %14, 0 br i1 %15, label %52, label %16 %53 = tail call i32 bitcast (i32 (%struct.dentry.139777*)* @simple_empty to i32 (%struct.dentry.112781*)*)(%struct.dentry.112781* %3) #69 %54 = icmp eq i32 %53, 0 br i1 %54, label %100, label %55 %56 = and i32 %4, 4 %57 = icmp eq i32 %56, 0 br i1 %57, label %68, label %58 %59 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %1, i64 0, i32 3 %60 = load %struct.dentry.112781*, %struct.dentry.112781** %59, align 8 %61 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %1, i64 0, i32 4 %62 = tail call %struct.dentry.112781* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.112781* (%struct.dentry.112781*, %struct.qstr*)*)(%struct.dentry.112781* %60, %struct.qstr* %61) #69 %63 = icmp eq %struct.dentry.112781* %62, null br i1 %63, label %100, label %64 %65 = tail call i32 @shmem_mknod(%struct.inode.112777* %0, %struct.dentry.112781* nonnull %62, i16 zeroext 8192, i32 0) #69 tail call void bitcast (void (%struct.dentry.136422*)* @dput to void (%struct.dentry.112781*)*)(%struct.dentry.112781* nonnull %62) #69 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %100 tail call void bitcast (void (%struct.dentry.136422*)* @d_rehash to void (%struct.dentry.112781*)*)(%struct.dentry.112781* nonnull %62) #69 br label %68 %69 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %3, i64 0, i32 5 %70 = load %struct.inode.112777*, %struct.inode.112777** %69, align 8 %71 = icmp eq %struct.inode.112777* %70, null br i1 %71, label %76, label %72 %73 = tail call i32 @shmem_unlink(%struct.inode.112777* %2, %struct.dentry.112781* %3) #70 ------------- Good: 0 Bad: 2 Ignored: 0 Check Use of Function:locks_mandatory_locked Check Use of Function:xt_compat_target_to_user Check Use of Function:ktime_add_safe Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex_time32 1 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_futex 1 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %43 = call i64 @ktime_get() #69 %44 = load i64, i64* %8, align 8 %45 = call i64 @ktime_add_safe(i64 %43, i64 %44) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.83942, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %120, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %16 = icmp eq i64* %3, null br i1 %16, label %27, label %17 %18 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %15, i64 0, i32 151 %19 = load i64, i64* %18, align 8 %20 = lshr i32 %1, 1 %21 = and i32 %20, 1 %22 = xor i32 %21, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %6, i32 %22, i32 0) #69 %23 = load i64, i64* %3, align 8 %24 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %6, i64 0, i32 0, i32 1 store i64 %23, i64* %24, align 8 %25 = call i64 @ktime_add_safe(i64 %23, i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.83942, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %120, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %16 = icmp eq i64* %3, null br i1 %16, label %27, label %17 %18 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %15, i64 0, i32 151 %19 = load i64, i64* %18, align 8 %20 = lshr i32 %1, 1 %21 = and i32 %20, 1 %22 = xor i32 %21, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %6, i32 %22, i32 0) #69 %23 = load i64, i64* %3, align 8 %24 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %6, i64 0, i32 0, i32 1 store i64 %23, i64* %24, align 8 %25 = call i64 @ktime_add_safe(i64 %23, i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.83942, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %120, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %16 = icmp eq i64* %3, null br i1 %16, label %27, label %17 %18 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %15, i64 0, i32 151 %19 = load i64, i64* %18, align 8 %20 = lshr i32 %1, 1 %21 = and i32 %20, 1 %22 = xor i32 %21, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %6, i32 %22, i32 0) #69 %23 = load i64, i64* %3, align 8 %24 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %6, i64 0, i32 0, i32 1 store i64 %23, i64* %24, align 8 %25 = call i64 @ktime_add_safe(i64 %23, i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_wait 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %37 = phi i32 [ %6, %30 ], [ %6, %34 ], [ -1, %35 ] %38 = tail call fastcc i32 @futex_wait(i32* %0, i32 %31, i32 %2, i64* %3, i32 %37) #69 Function:futex_wait %6 = alloca %struct.hrtimer_sleeper.83942, align 8 %7 = alloca %struct.futex_hash_bucket*, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %6 to i8* %10 = bitcast %struct.futex_hash_bucket** %7 to i8* %11 = bitcast %struct.futex_q* %8 to i8* %12 = icmp eq i32 %4, 0 br i1 %12, label %120, label %13 %14 = getelementptr inbounds %struct.futex_q, %struct.futex_q* %8, i64 0, i32 7 store i32 %4, i32* %14, align 8 %15 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %16 = icmp eq i64* %3, null br i1 %16, label %27, label %17 %18 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %15, i64 0, i32 151 %19 = load i64, i64* %18, align 8 %20 = lshr i32 %1, 1 %21 = and i32 %20, 1 %22 = xor i32 %21, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %6, i32 %22, i32 0) #69 %23 = load i64, i64* %3, align 8 %24 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %6, i64 0, i32 0, i32 1 store i64 %23, i64* %24, align 8 %25 = call i64 @ktime_add_safe(i64 %23, i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] %803 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %31, i64* null, i32 1) #69 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.83942, align 8 %6 = alloca %struct.task_struct.83941*, align 8 %7 = alloca %struct.rt_mutex_waiter.83905, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %5 to i8* %10 = bitcast %struct.task_struct.83941** %6 to i8* store %struct.task_struct.83941* null, %struct.task_struct.83941** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.83905* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %13, i64 0, i32 131 %15 = load %struct.futex_pi_state*, %struct.futex_pi_state** %14, align 64 %16 = icmp eq %struct.futex_pi_state* %15, null br i1 %16, label %17, label %32, !prof !5, !misexpect !6 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 88) #69 %20 = icmp eq i8* %19, null br i1 %20, label %283, label %21 %22 = ptrtoint i8* %19 to i64 %23 = bitcast i8* %19 to i64* store volatile i64 %22, i64* %23, align 8 %24 = getelementptr inbounds i8, i8* %19, i64 8 %25 = bitcast i8* %24 to i8** store i8* %19, i8** %25, align 8 %26 = getelementptr inbounds i8, i8* %19, i64 48 %27 = bitcast i8* %26 to %struct.task_struct.83941** store %struct.task_struct.83941* null, %struct.task_struct.83941** %27, align 8 %28 = getelementptr inbounds i8, i8* %19, i64 56 %29 = bitcast i8* %28 to i32* store volatile i32 1, i32* %29, align 8 %30 = getelementptr inbounds i8, i8* %19, i64 64 %31 = bitcast %struct.futex_pi_state** %14 to i8** store i8* %19, i8** %31, align 64 br label %32 %33 = icmp eq i64* %2, null br i1 %33, label %39, label %34 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %5, i32 0, i32 0) #69 %35 = load i64, i64* %2, align 8 %36 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %5, i64 0, i32 0, i32 1 store i64 %35, i64* %36, align 8 %37 = call i64 @ktime_add_safe(i64 %35, i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex_time32 3 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] %803 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %31, i64* null, i32 1) #69 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.83942, align 8 %6 = alloca %struct.task_struct.83941*, align 8 %7 = alloca %struct.rt_mutex_waiter.83905, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %5 to i8* %10 = bitcast %struct.task_struct.83941** %6 to i8* store %struct.task_struct.83941* null, %struct.task_struct.83941** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.83905* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %13, i64 0, i32 131 %15 = load %struct.futex_pi_state*, %struct.futex_pi_state** %14, align 64 %16 = icmp eq %struct.futex_pi_state* %15, null br i1 %16, label %17, label %32, !prof !5, !misexpect !6 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 88) #69 %20 = icmp eq i8* %19, null br i1 %20, label %283, label %21 %22 = ptrtoint i8* %19 to i64 %23 = bitcast i8* %19 to i64* store volatile i64 %22, i64* %23, align 8 %24 = getelementptr inbounds i8, i8* %19, i64 8 %25 = bitcast i8* %24 to i8** store i8* %19, i8** %25, align 8 %26 = getelementptr inbounds i8, i8* %19, i64 48 %27 = bitcast i8* %26 to %struct.task_struct.83941** store %struct.task_struct.83941* null, %struct.task_struct.83941** %27, align 8 %28 = getelementptr inbounds i8, i8* %19, i64 56 %29 = bitcast i8* %28 to i32* store volatile i32 1, i32* %29, align 8 %30 = getelementptr inbounds i8, i8* %19, i64 64 %31 = bitcast %struct.futex_pi_state** %14 to i8** store i8* %19, i8** %31, align 64 br label %32 %33 = icmp eq i64* %2, null br i1 %33, label %39, label %34 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %5, i32 0, i32 0) #69 %35 = load i64, i64* %2, align 8 %36 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %5, i64 0, i32 0, i32 1 store i64 %35, i64* %36, align 8 %37 = call i64 @ktime_add_safe(i64 %35, i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] %803 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %31, i64* null, i32 1) #69 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.83942, align 8 %6 = alloca %struct.task_struct.83941*, align 8 %7 = alloca %struct.rt_mutex_waiter.83905, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %5 to i8* %10 = bitcast %struct.task_struct.83941** %6 to i8* store %struct.task_struct.83941* null, %struct.task_struct.83941** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.83905* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %13, i64 0, i32 131 %15 = load %struct.futex_pi_state*, %struct.futex_pi_state** %14, align 64 %16 = icmp eq %struct.futex_pi_state* %15, null br i1 %16, label %17, label %32, !prof !5, !misexpect !6 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 88) #69 %20 = icmp eq i8* %19, null br i1 %20, label %283, label %21 %22 = ptrtoint i8* %19 to i64 %23 = bitcast i8* %19 to i64* store volatile i64 %22, i64* %23, align 8 %24 = getelementptr inbounds i8, i8* %19, i64 8 %25 = bitcast i8* %24 to i8** store i8* %19, i8** %25, align 8 %26 = getelementptr inbounds i8, i8* %19, i64 48 %27 = bitcast i8* %26 to %struct.task_struct.83941** store %struct.task_struct.83941* null, %struct.task_struct.83941** %27, align 8 %28 = getelementptr inbounds i8, i8* %19, i64 56 %29 = bitcast i8* %28 to i32* store volatile i32 1, i32* %29, align 8 %30 = getelementptr inbounds i8, i8* %19, i64 64 %31 = bitcast %struct.futex_pi_state** %14 to i8** store i8* %19, i8** %31, align 64 br label %32 %33 = icmp eq i64* %2, null br i1 %33, label %39, label %34 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %5, i32 0, i32 0) #69 %35 = load i64, i64* %2, align 8 %36 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %5, i64 0, i32 0, i32 1 store i64 %35, i64* %36, align 8 %37 = call i64 @ktime_add_safe(i64 %35, i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 futex_lock_pi 1 do_futex 2 __se_sys_futex 3 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] %803 = tail call fastcc i32 @futex_lock_pi(i32* %0, i32 %31, i64* null, i32 1) #69 Function:futex_lock_pi %5 = alloca %struct.hrtimer_sleeper.83942, align 8 %6 = alloca %struct.task_struct.83941*, align 8 %7 = alloca %struct.rt_mutex_waiter.83905, align 8 %8 = alloca %struct.futex_q, align 8 %9 = bitcast %struct.hrtimer_sleeper.83942* %5 to i8* %10 = bitcast %struct.task_struct.83941** %6 to i8* store %struct.task_struct.83941* null, %struct.task_struct.83941** %6, align 8 %11 = bitcast %struct.rt_mutex_waiter.83905* %7 to i8* %12 = bitcast %struct.futex_q* %8 to i8* %13 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %13, i64 0, i32 131 %15 = load %struct.futex_pi_state*, %struct.futex_pi_state** %14, align 64 %16 = icmp eq %struct.futex_pi_state* %15, null br i1 %16, label %17, label %32, !prof !5, !misexpect !6 %18 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 1), align 8 %19 = tail call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %18, i32 3520, i64 88) #69 %20 = icmp eq i8* %19, null br i1 %20, label %283, label %21 %22 = ptrtoint i8* %19 to i64 %23 = bitcast i8* %19 to i64* store volatile i64 %22, i64* %23, align 8 %24 = getelementptr inbounds i8, i8* %19, i64 8 %25 = bitcast i8* %24 to i8** store i8* %19, i8** %25, align 8 %26 = getelementptr inbounds i8, i8* %19, i64 48 %27 = bitcast i8* %26 to %struct.task_struct.83941** store %struct.task_struct.83941* null, %struct.task_struct.83941** %27, align 8 %28 = getelementptr inbounds i8, i8* %19, i64 56 %29 = bitcast i8* %28 to i32* store volatile i32 1, i32* %29, align 8 %30 = getelementptr inbounds i8, i8* %19, i64 64 %31 = bitcast %struct.futex_pi_state** %14 to i8** store i8* %19, i8** %31, align 64 br label %32 %33 = icmp eq i64* %2, null br i1 %33, label %39, label %34 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %5, i32 0, i32 0) #69 %35 = load i64, i64* %2, align 8 %36 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %5, i64 0, i32 0, i32 1 store i64 %35, i64* %36, align 8 %37 = call i64 @ktime_add_safe(i64 %35, i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __ia32_sys_futex_time32 ------------- Path:  Function:__ia32_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex_time32(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %806 = bitcast %struct.hrtimer_sleeper.83942* %8 to i8* %807 = bitcast %struct.rt_mutex_waiter.83905* %9 to i8* %808 = bitcast %struct.futex_hash_bucket** %10 to i8* %809 = bitcast %union.futex_key* %11 to i8* %810 = bitcast %struct.futex_q* %12 to i8* %811 = icmp eq i32* %0, %4 br i1 %811, label %1014, label %812 %813 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !6 %814 = icmp eq i64* %3, null br i1 %814, label %825, label %815 %816 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %813, i64 0, i32 151 %817 = load i64, i64* %816, align 8 %818 = lshr i32 %31, 1 %819 = and i32 %818, 1 %820 = xor i32 %819, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %8, i32 %820, i32 0) #70 %821 = load i64, i64* %3, align 8 %822 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %8, i64 0, i32 0, i32 1 store i64 %821, i64* %822, align 8 %823 = call i64 @ktime_add_safe(i64 %821, i64 %817) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex_time32 2 __x64_sys_futex_time32 ------------- Path:  Function:__x64_sys_futex_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex_time32(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex_time32 %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %4 to i32* %13 = trunc i64 %5 to i32 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast i64* %8 to i8* %16 = and i32 %10, -385 %17 = icmp eq i64 %3, 0 br i1 %17, label %46, label %18 %19 = icmp eq i32 %16, 0 %20 = icmp eq i32 %16, 6 %21 = or i1 %19, %20 %22 = and i32 %10, -387 %23 = icmp eq i32 %22, 9 %24 = or i1 %23, %21 br i1 %24, label %25, label %46 %26 = inttoptr i64 %3 to i8* %27 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %7, i8* nonnull %26) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %19, label %42, label %46 %47 = phi i64* [ null, %18 ], [ null, %6 ], [ %8, %37 ] switch i32 %16, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %12, i32 %52, i32 %13) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %806 = bitcast %struct.hrtimer_sleeper.83942* %8 to i8* %807 = bitcast %struct.rt_mutex_waiter.83905* %9 to i8* %808 = bitcast %struct.futex_hash_bucket** %10 to i8* %809 = bitcast %union.futex_key* %11 to i8* %810 = bitcast %struct.futex_q* %12 to i8* %811 = icmp eq i32* %0, %4 br i1 %811, label %1014, label %812 %813 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !6 %814 = icmp eq i64* %3, null br i1 %814, label %825, label %815 %816 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %813, i64 0, i32 151 %817 = load i64, i64* %816, align 8 %818 = lshr i32 %31, 1 %819 = and i32 %818, 1 %820 = xor i32 %819, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %8, i32 %820, i32 0) #70 %821 = load i64, i64* %3, align 8 %822 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %8, i64 0, i32 0, i32 1 store i64 %821, i64* %822, align 8 %823 = call i64 @ktime_add_safe(i64 %821, i64 %817) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __ia32_sys_futex ------------- Path:  Function:__ia32_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_futex(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %806 = bitcast %struct.hrtimer_sleeper.83942* %8 to i8* %807 = bitcast %struct.rt_mutex_waiter.83905* %9 to i8* %808 = bitcast %struct.futex_hash_bucket** %10 to i8* %809 = bitcast %union.futex_key* %11 to i8* %810 = bitcast %struct.futex_q* %12 to i8* %811 = icmp eq i32* %0, %4 br i1 %811, label %1014, label %812 %813 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !6 %814 = icmp eq i64* %3, null br i1 %814, label %825, label %815 %816 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %813, i64 0, i32 151 %817 = load i64, i64* %816, align 8 %818 = lshr i32 %31, 1 %819 = and i32 %818, 1 %820 = xor i32 %819, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %8, i32 %820, i32 0) #70 %821 = load i64, i64* %3, align 8 %822 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %8, i64 0, i32 0, i32 1 store i64 %821, i64* %822, align 8 %823 = call i64 @ktime_add_safe(i64 %821, i64 %817) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_futex 1 __se_sys_futex 2 __x64_sys_futex ------------- Path:  Function:__x64_sys_futex %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_futex(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_futex %7 = alloca %struct.anon.54, align 8 %8 = alloca i64, align 8 %9 = inttoptr i64 %0 to i32* %10 = trunc i64 %1 to i32 %11 = trunc i64 %2 to i32 %12 = inttoptr i64 %3 to %struct.anon.54* %13 = inttoptr i64 %4 to i32* %14 = trunc i64 %5 to i32 %15 = bitcast %struct.anon.54* %7 to i8* %16 = bitcast i64* %8 to i8* %17 = and i32 %10, -385 %18 = icmp eq i64 %3, 0 br i1 %18, label %46, label %19 %20 = icmp eq i32 %17, 0 %21 = icmp eq i32 %17, 6 %22 = or i1 %20, %21 %23 = and i32 %10, -387 %24 = icmp eq i32 %23, 9 %25 = or i1 %24, %22 br i1 %25, label %26, label %46 %27 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %12) #69 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %54 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 0 %31 = load i64, i64* %30, align 8 %32 = icmp slt i64 %31, 0 br i1 %32, label %54, label %33 %34 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %7, i64 0, i32 1 %35 = load i64, i64* %34, align 8 %36 = icmp ult i64 %35, 1000000000 br i1 %36, label %37, label %54 %38 = icmp sgt i64 %31, 9223372035 %39 = mul i64 %31, 1000000000 %40 = add i64 %35, %39 %41 = select i1 %38, i64 9223372036854775807, i64 %40, !prof !4 store i64 %41, i64* %8, align 8 br i1 %20, label %42, label %46 %47 = phi i64* [ null, %19 ], [ null, %6 ], [ %8, %37 ] switch i32 %17, label %50 [ i32 12, label %48 i32 5, label %48 i32 4, label %48 i32 3, label %48 ] %49 = trunc i64 %3 to i32 br label %50 %51 = phi i64* [ %47, %48 ], [ %47, %46 ], [ %8, %42 ] %52 = phi i32 [ %49, %48 ], [ 0, %46 ], [ 0, %42 ] %53 = call i64 @do_futex(i32* %9, i32 %10, i32 %11, i64* %51, i32* %13, i32 %52, i32 %14) #69 Function:do_futex %8 = alloca %struct.hrtimer_sleeper.83942, align 8 %9 = alloca %struct.rt_mutex_waiter.83905, align 8 %10 = alloca %struct.futex_hash_bucket*, align 8 %11 = alloca %union.futex_key, align 8 %12 = alloca %struct.futex_q, align 8 %13 = alloca %struct.wake_q_head, align 8 %14 = alloca %union.futex_key, align 8 %15 = alloca [16 x i8], align 16 %16 = alloca %union.futex_key, align 8 %17 = alloca %union.futex_key, align 8 %18 = alloca %struct.wake_q_head, align 8 %19 = alloca i32, align 4 store i32 %6, i32* %19, align 4 %20 = and i32 %1, -385 %21 = lshr i32 %1, 7 %22 = and i32 %21, 1 %23 = xor i32 %22, 1 %24 = and i32 %1, 256 %25 = icmp eq i32 %24, 0 br i1 %25, label %30, label %26 %27 = or i32 %23, 2 %28 = and i32 %1, -387 %29 = icmp eq i32 %28, 9 br i1 %29, label %30, label %1020 %31 = phi i32 [ %27, %26 ], [ %23, %7 ] switch i32 %20, label %1020 [ i32 6, label %32 i32 7, label %32 i32 8, label %32 i32 11, label %32 i32 12, label %32 i32 0, label %35 i32 9, label %36 i32 1, label %40 i32 10, label %41 i32 3, label %45 i32 4, label %48 i32 5, label %51 ] %33 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %33, label %34, label %1020 switch i32 %20, label %1020 [ i32 12, label %1017 i32 9, label %36 i32 11, label %805 i32 10, label %41 i32 8, label %802 i32 7, label %501 i32 6, label %498 ] store i32 -1, i32* %19, align 4 %806 = bitcast %struct.hrtimer_sleeper.83942* %8 to i8* %807 = bitcast %struct.rt_mutex_waiter.83905* %9 to i8* %808 = bitcast %struct.futex_hash_bucket** %10 to i8* %809 = bitcast %union.futex_key* %11 to i8* %810 = bitcast %struct.futex_q* %12 to i8* %811 = icmp eq i32* %0, %4 br i1 %811, label %1014, label %812 %813 = tail call %struct.task_struct.83941* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.83941** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.83941**)) #10, !srcloc !6 %814 = icmp eq i64* %3, null br i1 %814, label %825, label %815 %816 = getelementptr inbounds %struct.task_struct.83941, %struct.task_struct.83941* %813, i64 0, i32 151 %817 = load i64, i64* %816, align 8 %818 = lshr i32 %31, 1 %819 = and i32 %818, 1 %820 = xor i32 %819, 1 call void bitcast (void (%struct.hrtimer_sleeper.79143*, i32, i32)* @hrtimer_init_sleeper to void (%struct.hrtimer_sleeper.83942*, i32, i32)*)(%struct.hrtimer_sleeper.83942* nonnull %8, i32 %820, i32 0) #70 %821 = load i64, i64* %3, align 8 %822 = getelementptr inbounds %struct.hrtimer_sleeper.83942, %struct.hrtimer_sleeper.83942* %8, i64 0, i32 0, i32 1 store i64 %821, i64* %822, align 8 %823 = call i64 @ktime_add_safe(i64 %821, i64 %817) #70 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __ia32_sys_timerfd_gettime32 ------------- Path:  Function:__ia32_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __x64_sys_timerfd_gettime32 ------------- Path:  Function:__x64_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.old_itimerspec32** %7 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __ia32_sys_timerfd_gettime ------------- Path:  Function:__ia32_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_gettime 2 __x64_sys_timerfd_gettime ------------- Path:  Function:__x64_sys_timerfd_gettime %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.itimerspec64** %7 = load %struct.itimerspec64*, %struct.itimerspec64** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 Function:do_timerfd_gettime %3 = tail call i64 @__fdget(i32 %0) #69 %4 = and i64 %3, -4 %5 = inttoptr i64 %4 to %struct.file.138748* %6 = trunc i64 %3 to i32 %7 = icmp eq i64 %4, 0 br i1 %7, label %97, label %8 %9 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 3 %10 = load %struct.file_operations.138735*, %struct.file_operations.138735** %9, align 8 %11 = icmp eq %struct.file_operations.138735* %10, @timerfd_fops br i1 %11, label %16, label %12 %17 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %5, i64 0, i32 16 %18 = bitcast i8** %17 to %struct.timerfd_ctx** %19 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %18, align 8 %20 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 3, i32 0 %21 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %20, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %21) #69 %22 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 6 %23 = load i16, i16* %22, align 4 %24 = icmp eq i16 %23, 0 br i1 %24, label %59, label %25 %26 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp eq i64 %27, 0 br i1 %28, label %59, label %29 store i16 0, i16* %22, align 4 %30 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 5 %31 = load i32, i32* %30, align 8 %32 = and i32 %31, -2 %33 = icmp eq i32 %32, 8 br i1 %33, label %34, label %41 %35 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %19, i64 0, i32 0, i32 0 %36 = tail call i64 @alarm_forward_now(%struct.alarm* %35, i64 %27) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime32 ------------- Path:  Function:__ia32_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.old_itimerspec32* %15 = inttoptr i64 %13 to %struct.old_itimerspec32* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __x64_sys_timerfd_settime32 ------------- Path:  Function:__x64_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.old_itimerspec32** %10 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 do_timerfd_settime 2 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %106 = load i32, i32* %40, align 8 %107 = and i32 %106, -2 %108 = icmp eq i32 %107, 8 br i1 %108, label %109, label %111 %110 = tail call i64 @alarm_forward_now(%struct.alarm* %82, i64 %103) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_forward_now 1 timerfd_read ------------- Path:  Function:timerfd_read %5 = alloca %struct.wait_queue_entry, align 8 %6 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.timerfd_ctx** %8 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %7, align 8 %9 = icmp ult i64 %2, 8 br i1 %9, label %110, label %10 %11 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 3 %12 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %11, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %12) #69 %13 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2048 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %46 %18 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %19 = load i64, i64* %18, align 8 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %46 %22 = bitcast %struct.wait_queue_entry* %5 to i8* %23 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 0 store i32 0, i32* %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 1 %25 = tail call %struct.task_struct.138679* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.138679** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.138679**)) #10, !srcloc !4 %26 = bitcast i8** %24 to %struct.task_struct.138679** store %struct.task_struct.138679* %25, %struct.task_struct.138679** %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 2 store i32 (%struct.wait_queue_entry*, i32, i32, i8*)* @autoremove_wake_function, i32 (%struct.wait_queue_entry*, i32, i32, i8*)** %27, align 8 %28 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3 %29 = getelementptr inbounds %struct.list_head, %struct.list_head* %28, i64 0, i32 0 store %struct.list_head* %28, %struct.list_head** %29, align 8 %30 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 1 store %struct.list_head* %28, %struct.list_head** %30, align 8 br label %31 %32 = call i32 @do_wait_intr_irq(%struct.wait_queue_head* %11, %struct.wait_queue_entry* nonnull %5) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %37 %38 = load %struct.list_head*, %struct.list_head** %30, align 8 %39 = getelementptr inbounds %struct.wait_queue_entry, %struct.wait_queue_entry* %5, i64 0, i32 3, i32 0 %40 = load %struct.list_head*, %struct.list_head** %39, align 8 %41 = getelementptr inbounds %struct.list_head, %struct.list_head* %40, i64 0, i32 1 store %struct.list_head* %38, %struct.list_head** %41, align 8 %42 = ptrtoint %struct.list_head* %40 to i64 %43 = bitcast %struct.list_head* %38 to i64* store volatile i64 %42, i64* %43, align 8 %44 = getelementptr inbounds %struct.task_struct.138679, %struct.task_struct.138679* %25, i64 0, i32 1 store volatile i64 0, i64* %44, align 16 %45 = sext i32 %32 to i64 br label %46 %47 = phi i64 [ -11, %10 ], [ %45, %37 ], [ 0, %17 ] %48 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 11 %49 = load i8, i8* %48, align 4, !range !5 %50 = icmp eq i8 %49, 0 br i1 %50, label %59, label %51 %60 = phi i64 [ -125, %55 ], [ %47, %51 ], [ %47, %46 ] %61 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 4 %62 = load i64, i64* %61, align 8 %63 = icmp eq i64 %62, 0 br i1 %63, label %100, label %64 %65 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 6 %66 = load i16, i16* %65, align 4 %67 = icmp eq i16 %66, 0 br i1 %67, label %98, label %68 %69 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 1 %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %98, label %72 %73 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 5 %74 = load i32, i32* %73, align 8 %75 = and i32 %74, -2 %76 = icmp eq i32 %75, 8 br i1 %76, label %77, label %82 %78 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %8, i64 0, i32 0, i32 0 %79 = call i64 @alarm_forward_now(%struct.alarm* %78, i64 %70) #69 Function:alarm_forward_now %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 0, i32 1 %10 = load i64, i64* %9, align 8 %11 = sub i64 %8, %10 %12 = icmp slt i64 %11, 0 br i1 %12, label %32, label %13 %14 = icmp slt i64 %11, %1 br i1 %14, label %28, label %15, !prof !4, !misexpect !5 %16 = icmp sgt i64 %1, -1 br i1 %16, label %19, label %17, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([22 x i8], [22 x i8]* @.str.21.8866, i64 0, i64 0), i32 171, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 12) #6, !srcloc !7 %18 = load i64, i64* %9, align 8 br label %19 %20 = phi i64 [ %10, %15 ], [ %18, %17 ] %21 = sdiv i64 %11, %1 %22 = mul i64 %21, %1 %23 = add i64 %22, %20 store i64 %23, i64* %9, align 8 %24 = icmp sgt i64 %23, %8 %25 = xor i1 %24, true %26 = zext i1 %25 to i64 %27 = add i64 %21, %26 br i1 %24, label %32, label %28 %29 = phi i64 [ %23, %19 ], [ %10, %13 ] %30 = phi i64 [ %27, %19 ], [ 1, %13 ] %31 = tail call i64 @ktime_add_safe(i64 %29, i64 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime32 ------------- Path:  Function:__ia32_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.old_itimerspec32* %15 = inttoptr i64 %13 to %struct.old_itimerspec32* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __x64_sys_timerfd_settime32 ------------- Path:  Function:__x64_sys_timerfd_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.old_itimerspec32** %10 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.old_itimerspec32* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __ia32_sys_timerfd_settime ------------- Path:  Function:__ia32_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %10 to %struct.itimerspec64* %15 = inttoptr i64 %13 to %struct.itimerspec64* %16 = bitcast %struct.itimerspec64* %2 to i8* %17 = bitcast %struct.itimerspec64* %3 to i8* %18 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %14) #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %33 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = call fastcc i32 @do_timerfd_settime(i32 %22, i32 %21, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 alarm_start_relative 1 do_timerfd_settime 2 __x64_sys_timerfd_settime ------------- Path:  Function:__x64_sys_timerfd_settime %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = bitcast i64* %8 to %struct.itimerspec64** %10 = load %struct.itimerspec64*, %struct.itimerspec64** %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %12 = load i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.itimerspec64* %14 = bitcast %struct.itimerspec64* %2 to i8* %15 = bitcast %struct.itimerspec64* %3 to i8* %16 = call i32 @get_itimerspec64(%struct.itimerspec64* nonnull %2, %struct.itimerspec64* %10) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %31 %19 = trunc i64 %7 to i32 %20 = trunc i64 %5 to i32 %21 = call fastcc i32 @do_timerfd_settime(i32 %20, i32 %19, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* nonnull %3) #69 Function:do_timerfd_settime %5 = icmp ult i32 %1, 4 br i1 %5, label %6, label %207 %7 = getelementptr %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 0 %8 = load i64, i64* %7, align 8 %9 = icmp slt i64 %8, 0 br i1 %9, label %207, label %10 %11 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp ult i64 %12, 1000000000 br i1 %13, label %14, label %207 %15 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 0 %16 = load i64, i64* %15, align 8 %17 = icmp slt i64 %16, 0 br i1 %17, label %207, label %18 %19 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %2, i64 0, i32 1, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ult i64 %20, 1000000000 br i1 %21, label %22, label %207 %23 = tail call i64 @__fdget(i32 %0) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.138748* %26 = trunc i64 %23 to i32 %27 = icmp eq i64 %24, 0 br i1 %27, label %207, label %28 %29 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 3 %30 = load %struct.file_operations.138735*, %struct.file_operations.138735** %29, align 8 %31 = icmp eq %struct.file_operations.138735* %30, @timerfd_fops br i1 %31, label %36, label %32 %37 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %25, i64 0, i32 16 %38 = bitcast i8** %37 to %struct.timerfd_ctx** %39 = load %struct.timerfd_ctx*, %struct.timerfd_ctx** %38, align 8 %40 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 5 %41 = load i32, i32* %40, align 8 %42 = and i32 %41, -2 %43 = icmp eq i32 %42, 8 br i1 %43, label %44, label %50 %45 = tail call zeroext i1 @capable(i32 35) #69 br i1 %45, label %50, label %46 %51 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 10 %52 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %51, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %52) #69 %53 = load i32, i32* %40, align 8 switch i32 %53, label %67 [ i32 0, label %54 i32 8, label %54 ] %55 = icmp eq i32 %1, 3 br i1 %55, label %56, label %67 %57 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 11 %58 = load i8, i8* %57, align 4, !range !4 %59 = icmp eq i8 %58, 0 br i1 %59, label %60, label %79 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %80 = bitcast %struct.spinlock* %51 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = bitcast %struct.timerfd_ctx* %39 to %struct.hrtimer* %82 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0 %83 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 3, i32 0 %84 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %83, i64 0, i32 0, i32 0 %85 = bitcast %struct.spinlock* %83 to i8* br label %86 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %84) #69 %87 = load i32, i32* %40, align 8 %88 = and i32 %87, -2 %89 = icmp eq i32 %88, 8 br i1 %89, label %90, label %93 %94 = tail call i32 @hrtimer_try_to_cancel(%struct.hrtimer* %81) #69 %95 = icmp sgt i32 %94, -1 br i1 %95, label %97, label %96 %98 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 6 %99 = load i16, i16* %98, align 4 %100 = icmp eq i16 %99, 0 br i1 %100, label %119, label %101 %102 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %103 = load i64, i64* %102, align 8 %104 = icmp eq i64 %103, 0 br i1 %104, label %119, label %105 %120 = load i32, i32* %40, align 8 %121 = and i32 %120, -2 %122 = icmp eq i32 %121, 8 br i1 %122, label %123, label %125 %124 = tail call i64 @alarm_expires_remaining(%struct.alarm* %82) #69 br label %135 %136 = phi i64 [ %124, %123 ], [ %134, %125 ] %137 = icmp sgt i64 %136, 0 %138 = select i1 %137, i64 %136, i64 0 %139 = tail call { i64, i64 } @ns_to_timespec64(i64 %138) #69 %140 = extractvalue { i64, i64 } %139, 0 %141 = extractvalue { i64, i64 } %139, 1 %142 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 0 store i64 %140, i64* %142, align 8 %143 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 1, i32 1 store i64 %141, i64* %143, align 8 %144 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 1 %145 = load i64, i64* %144, align 8 %146 = tail call { i64, i64 } @ns_to_timespec64(i64 %145) #69 %147 = extractvalue { i64, i64 } %146, 0 %148 = extractvalue { i64, i64 } %146, 1 %149 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 0 store i64 %147, i64* %149, align 8 %150 = getelementptr inbounds %struct.itimerspec64, %struct.itimerspec64* %3, i64 0, i32 0, i32 1 store i64 %148, i64* %150, align 8 %151 = load i32, i32* %40, align 8 %152 = and i32 %1, 1 %153 = icmp eq i32 %152, 0 %154 = xor i32 %152, 1 %155 = load i64, i64* %15, align 8 %156 = load i64, i64* %19, align 8 %157 = icmp sgt i64 %155, 9223372035 %158 = mul i64 %155, 1000000000 %159 = add i64 %158, %156 %160 = select i1 %157, i64 9223372036854775807, i64 %159, !prof !11 store i16 0, i16* %98, align 4 %161 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 4 store i64 0, i64* %161, align 8 %162 = load i64, i64* %7, align 8 %163 = load i64, i64* %11, align 8 %164 = icmp sgt i64 %162, 9223372035 %165 = mul i64 %162, 1000000000 %166 = add i64 %165, %163 %167 = select i1 %164, i64 9223372036854775807, i64 %166, !prof !11 store i64 %167, i64* %144, align 8 %168 = and i32 %151, -2 %169 = icmp eq i32 %168, 8 br i1 %169, label %170, label %173 tail call void @hrtimer_init(%struct.hrtimer* %81, i32 %151, i32 %154) #69 %174 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 0, i32 1 store i64 %160, i64* %174, align 8 %175 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 0 store i64 %160, i64* %175, align 8 %176 = getelementptr inbounds %struct.timerfd_ctx, %struct.timerfd_ctx* %39, i64 0, i32 0, i32 0, i32 1, i32 0, i32 0, i32 1 %177 = bitcast %struct.rb_node** %176 to i32 (%struct.hrtimer*)** store i32 (%struct.hrtimer*)* @timerfd_tmrproc, i32 (%struct.hrtimer*)** %177, align 8 br label %178 %179 = icmp eq i64 %160, 0 br i1 %179, label %198, label %180 %181 = load i32, i32* %40, align 8 %182 = and i32 %181, -2 %183 = icmp eq i32 %182, 8 br i1 %183, label %184, label %187 br i1 %153, label %186, label %185 tail call void @alarm_start_relative(%struct.alarm* %82, i64 %160) #69 Function:alarm_start_relative %3 = getelementptr inbounds %struct.alarm, %struct.alarm* %0, i64 0, i32 3 %4 = load i32, i32* %3, align 8 %5 = zext i32 %4 to i64 %6 = getelementptr [2 x %struct.alarm_base], [2 x %struct.alarm_base]* @alarm_bases, i64 0, i64 %5, i32 2 %7 = load i64 ()*, i64 ()** %6, align 8 %8 = tail call i64 %7() #69 %9 = tail call i64 @ktime_add_safe(i64 %1, i64 %8) #69 ------------- Good: 6 Bad: 29 Ignored: 16 Check Use of Function:do_ip6t_get_ctl Check Use of Function:blk_rq_map_kern Check Use of Function:sr_lock_door Check Use of Function:xt_compat_flush_offsets Check Use of Function:destroy_local_trace_kprobe Check Use of Function:ext4_discard_preallocations Check Use of Function:__ip_tunnel_create Check Use of Function:security_sid_to_context Use: =BAD PATH= Call Stack: 0 sel_read_initcon ------------- Path:  Function:sel_read_initcon %5 = alloca i8*, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %8 = load %struct.inode.251157*, %struct.inode.251157** %7, align 8 %9 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %8, i64 0, i32 8 %10 = load %struct.super_block.251140*, %struct.super_block.251140** %9, align 8 %11 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.selinux_fs_info** %13 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %12, align 32 %14 = bitcast i8** %5 to i8* %15 = bitcast i32* %6 to i8* %16 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %8, i64 0, i32 11 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %17 to i32 %19 = and i32 %18, 16777215 %20 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %13, i64 0, i32 10 %21 = load %struct.selinux_state*, %struct.selinux_state** %20, align 8 %22 = call i32 @security_sid_to_context(%struct.selinux_state* %21, i32 %19, i8** nonnull %5, i32* nonnull %6) #69 ------------- Good: 11 Bad: 1 Ignored: 6 Check Use of Function:do_fchownat Use: =BAD PATH= Call Stack: 0 __ia32_sys_lchown ------------- Path:  Function:__ia32_sys_lchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %10, i32 %11, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_lchown ------------- Path:  Function:__x64_sys_lchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %9, i32 %10, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_chown ------------- Path:  Function:__ia32_sys_chown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i32 %11 = trunc i64 %8 to i32 %12 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %10, i32 %11, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_chown ------------- Path:  Function:__x64_sys_chown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %9, i32 %10, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchownat ------------- Path:  Function:__ia32_sys_fchownat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = trunc i64 %8 to i32 %16 = trunc i64 %10 to i32 %17 = trunc i64 %12 to i32 %18 = tail call i32 @do_fchownat(i32 %13, i8* %14, i32 %15, i32 %16, i32 %17) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchownat ------------- Path:  Function:__x64_sys_fchownat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %8 to i32 %15 = trunc i64 %10 to i32 %16 = trunc i64 %12 to i32 %17 = tail call i32 @do_fchownat(i32 %13, i8* %6, i32 %14, i32 %15, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_chown16 ------------- Path:  Function:__x64_sys_chown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i16 %11 = trunc i64 %6 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %8 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %14, i32 %18, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_chown16 ------------- Path:  Function:__ia32_sys_chown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i16 %12 = trunc i64 %6 to i32 %13 = and i32 %12, 65535 %14 = icmp eq i16 %10, -1 %15 = select i1 %14, i32 -1, i32 %13 %16 = trunc i64 %8 to i32 %17 = and i32 %16, 65535 %18 = icmp eq i16 %11, -1 %19 = select i1 %18, i32 -1, i32 %17 %20 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %15, i32 %19, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_lchown16 ------------- Path:  Function:__x64_sys_lchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i16 %11 = trunc i64 %6 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %8 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @do_fchownat(i32 -100, i8* %4, i32 %14, i32 %18, i32 256) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_lchown16 ------------- Path:  Function:__ia32_sys_lchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i16 %12 = trunc i64 %6 to i32 %13 = and i32 %12, 65535 %14 = icmp eq i16 %10, -1 %15 = select i1 %14, i32 -1, i32 %13 %16 = trunc i64 %8 to i32 %17 = and i32 %16, 65535 %18 = icmp eq i16 %11, -1 %19 = select i1 %18, i32 -1, i32 %17 %20 = tail call i32 @do_fchownat(i32 -100, i8* %9, i32 %15, i32 %19, i32 256) #69 ------------- Good: 3 Bad: 10 Ignored: 0 Check Use of Function:kbd_rate Check Use of Function:ext4_bmap Check Use of Function:__ext4_journal_stop Check Use of Function:sr_packet Check Use of Function:security_move_mount Check Use of Function:xt_alloc_table_info Check Use of Function:proc_ns_dir_lookup Check Use of Function:pci_mmap_fits Check Use of Function:shmem_rename2 Check Use of Function:_fat_bmap Check Use of Function:__netif_set_xps_queue Check Use of Function:qdisc_put Check Use of Function:ring_buffer_write Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 br label %70 %71 = getelementptr inbounds i8, i8* %69, i64 8 %72 = bitcast i8* %71 to i64* store i64 ptrtoint (i8* blockaddress(@tracing_mark_write, %70) to i64), i64* %72, align 8 %73 = getelementptr inbounds i8, i8* %69, i64 16 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %20, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %80, label %79 %81 = phi i64 [ -14, %79 ], [ %17, %70 ] %82 = phi i64 [ 9, %79 ], [ %17, %70 ] %83 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 25 %84 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %85 = icmp eq %struct.trace_event_file.96777* %84, null br i1 %85, label %96, label %86 %87 = getelementptr inbounds %struct.trace_event_file.96777, %struct.trace_event_file.96777* %84, i64 0, i32 6 %88 = bitcast %struct.list_head* %87 to i64* %89 = load volatile i64, i64* %88, align 8 %90 = inttoptr i64 %89 to %struct.list_head* %91 = icmp eq %struct.list_head* %87, %90 br i1 %91, label %96, label %92 %97 = phi i32 [ 0, %86 ], [ %95, %92 ], [ 0, %80 ] %98 = add nsw i64 %82, -1 %99 = getelementptr i8, i8* %73, i64 %98 %100 = load i8, i8* %99, align 1 %101 = icmp eq i8 %100, 10 %102 = getelementptr i8, i8* %73, i64 %82 br i1 %101, label %106, label %103 %107 = phi i8* [ %105, %103 ], [ %102, %96 ] store i8 0, i8* %107, align 1 call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %108 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %109 = icmp eq %struct.ring_buffer_event* %108, %27 br i1 %109, label %110, label %117 %111 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 0 %112 = load i32, i32* %111, align 4 %113 = zext i32 %112 to i64 %114 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %27, i64 0, i32 1, i64 1 %115 = bitcast i32* %114 to i8* %116 = call i32 @ring_buffer_write(%struct.ring_buffer* %24, i64 %113, i8* %115) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %34 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %35 = trunc i32 %29 to i8 %36 = getelementptr inbounds i8, i8* %33, i64 3 store i8 %35, i8* %36, align 1 %37 = icmp eq %struct.task_struct.96680* %34, null br i1 %37, label %41, label %38 %39 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 48 %40 = load i32, i32* %39, align 8 br label %41 %42 = phi i32 [ %40, %38 ], [ 0, %32 ] %43 = getelementptr inbounds i8, i8* %33, i64 4 %44 = bitcast i8* %43 to i32* store i32 %42, i32* %44, align 4 %45 = bitcast i8* %33 to i16* store i16 16, i16* %45, align 4 %46 = lshr i64 %22, 9 %47 = trunc i64 %46 to i32 %48 = and i32 %47, 1 %49 = lshr i32 %29, 14 %50 = and i32 %49, 64 %51 = or i32 %50, %48 %52 = and i32 %29, 983040 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i32 0, i32 8 %55 = lshr i32 %29, 4 %56 = and i32 %55, 16 %57 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 0, i32 0 %58 = load volatile i64, i64* %57, align 8 %59 = lshr i64 %58, 1 %60 = trunc i64 %59 to i32 %61 = and i32 %60, 4 %62 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %63 = lshr i32 %62, 26 %64 = and i32 %63, 32 %65 = or i32 %51, %56 %66 = or i32 %65, %54 %67 = or i32 %66, %61 %68 = or i32 %67, %64 %69 = trunc i32 %68 to i8 %70 = xor i8 %69, 33 %71 = getelementptr inbounds i8, i8* %33, i64 2 store i8 %70, i8* %71, align 2 %72 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %73 = getelementptr inbounds i8, i8* %72, i64 8 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %23, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %82, label %79 %83 = phi i64 [ -14, %79 ], [ %20, %41 ] call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %84 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %85 = icmp eq %struct.ring_buffer_event* %84, %30 br i1 %85, label %86, label %93 %87 = getelementptr inbounds %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 0 %88 = load i32, i32* %87, align 4 %89 = zext i32 %88 to i64 %90 = getelementptr %struct.ring_buffer_event, %struct.ring_buffer_event* %30, i64 0, i32 1, i64 1 %91 = bitcast i32* %90 to i8* %92 = call i32 @ring_buffer_write(%struct.ring_buffer* %27, i64 %89, i8* %91) #69 ------------- Good: 58 Bad: 2 Ignored: 4706 Check Use of Function:sg_new_read Check Use of Function:xt_target_to_user Check Use of Function:scsi_autopm_get_host Check Use of Function:nfs_rename Check Use of Function:drm_syncobj_free Check Use of Function:perf_install_in_context Check Use of Function:d_invalidate Check Use of Function:i915_driver_open Check Use of Function:dev_ingress_queue_create Check Use of Function:kernfs_iop_lookup Check Use of Function:ptep_set_access_flags Check Use of Function:translate_table.62904 Check Use of Function:ext4_expand_extra_isize Check Use of Function:xt_request_find_target Check Use of Function:compat_nf_setsockopt Check Use of Function:fl_release Check Use of Function:tcf_chain_flush Check Use of Function:do_utimes Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __ia32_sys_utimes_time32 ------------- Path:  Function:__ia32_sys_utimes_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to %struct.util_est* %10 = tail call fastcc i64 @do_compat_futimesat(i32 -100, i8* %8, %struct.util_est* %9) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.54], align 16 %5 = bitcast [2 x %struct.anon.54]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.54* null, %struct.anon.54* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.54* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __x64_sys_utimes_time32 ------------- Path:  Function:__x64_sys_utimes_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.util_est** %7 = load %struct.util_est*, %struct.util_est** %6, align 8 %8 = tail call fastcc i64 @do_compat_futimesat(i32 -100, i8* %4, %struct.util_est* %7) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.54], align 16 %5 = bitcast [2 x %struct.anon.54]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.54* null, %struct.anon.54* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.54* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __ia32_sys_futimesat_time32 ------------- Path:  Function:__ia32_sys_futimesat_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = inttoptr i64 %9 to %struct.util_est* %13 = tail call fastcc i64 @do_compat_futimesat(i32 %10, i8* %11, %struct.util_est* %12) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.54], align 16 %5 = bitcast [2 x %struct.anon.54]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.54* null, %struct.anon.54* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.54* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_compat_futimesat 1 __x64_sys_futimesat_time32 ------------- Path:  Function:__x64_sys_futimesat_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = trunc i64 %3 to i32 %11 = tail call fastcc i64 @do_compat_futimesat(i32 %10, i8* %6, %struct.util_est* %9) #69 Function:do_compat_futimesat %4 = alloca [2 x %struct.anon.54], align 16 %5 = bitcast [2 x %struct.anon.54]* %4 to i8* %6 = icmp eq %struct.util_est* %2, null br i1 %6, label %66, label %7 %67 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %4, i64 0, i64 0 %68 = select i1 %6, %struct.anon.54* null, %struct.anon.54* %67 %69 = call i64 @do_utimes(i32 %0, i8* %1, %struct.anon.54* %68, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utimensat_time32 ------------- Path:  Function:__ia32_sys_utimensat_time32 %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i8* %15 = inttoptr i64 %10 to %struct.util_est* %16 = trunc i64 %12 to i32 %17 = bitcast [2 x %struct.anon.54]* %2 to i8* %18 = icmp eq i64 %10, 0 br i1 %18, label %38, label %19 %20 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %21 = inttoptr i64 %10 to i8* %22 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %20, i8* nonnull %21) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %42 %25 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1 %26 = getelementptr %struct.util_est, %struct.util_est* %15, i64 1 %27 = bitcast %struct.util_est* %26 to i8* %28 = call i32 @get_old_timespec32(%struct.anon.54* %25, i8* %27) #69 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %42 %31 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 1073741822 br i1 %33, label %34, label %38 %35 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %36 = load i64, i64* %35, align 8 %37 = icmp eq i64 %36, 1073741822 br i1 %37, label %42, label %38 %39 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %40 = select i1 %18, %struct.anon.54* null, %struct.anon.54* %39 %41 = call i64 @do_utimes(i32 %13, i8* %14, %struct.anon.54* %40, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utimensat_time32 ------------- Path:  Function:__x64_sys_utimensat_time32 %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = inttoptr i64 %9 to %struct.util_est* %14 = trunc i64 %11 to i32 %15 = bitcast [2 x %struct.anon.54]* %2 to i8* %16 = icmp eq i64 %9, 0 br i1 %16, label %36, label %17 %18 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %19 = inttoptr i64 %9 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %18, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %40 %23 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1 %24 = getelementptr %struct.util_est, %struct.util_est* %13, i64 1 %25 = bitcast %struct.util_est* %24 to i8* %26 = call i32 @get_old_timespec32(%struct.anon.54* %23, i8* %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %40 %29 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp eq i64 %30, 1073741822 br i1 %31, label %32, label %36 %33 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %34 = load i64, i64* %33, align 8 %35 = icmp eq i64 %34, 1073741822 br i1 %35, label %40, label %36 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %38 = select i1 %16, %struct.anon.54* null, %struct.anon.54* %37 %39 = call i64 @do_utimes(i32 %12, i8* %7, %struct.anon.54* %38, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utime32 ------------- Path:  Function:__ia32_sys_utime32 %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to i8* %10 = inttoptr i64 %8 to %struct.util_est* %11 = bitcast [2 x %struct.anon.54]* %2 to i8* %12 = icmp eq i64 %8, 0 br i1 %12, label %42, label %13 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 0 %16 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %15, i64 4, i64 %14) #6, !srcloc !4 %17 = extractvalue { i32*, i64, i64 } %16, 0 %18 = extractvalue { i32*, i64, i64 } %16, 1 %19 = extractvalue { i32*, i64, i64 } %16, 2 %20 = ptrtoint i32* %17 to i64 %21 = shl i64 %18, 32 %22 = ashr exact i64 %21, 32 %23 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 store i64 %22, i64* %23, align 16 %24 = and i64 %20, 4294967295 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %46, !prof !5, !misexpect !6 %28 = getelementptr inbounds %struct.util_est, %struct.util_est* %10, i64 0, i32 1 %29 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %28, i64 4, i64 %27) #6, !srcloc !7 %30 = extractvalue { i32*, i64, i64 } %29, 0 %31 = extractvalue { i32*, i64, i64 } %29, 1 %32 = extractvalue { i32*, i64, i64 } %29, 2 %33 = ptrtoint i32* %30 to i64 %34 = shl i64 %31, 32 %35 = ashr exact i64 %34, 32 %36 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 store i64 %35, i64* %36, align 16 %37 = and i64 %33, 4294967295 %38 = icmp eq i64 %37, 0 br i1 %38, label %39, label %46, !prof !5, !misexpect !6 %40 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %40, align 8 %41 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %41, align 8 br label %42 %43 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %44 = select i1 %12, %struct.anon.54* null, %struct.anon.54* %43 %45 = call i64 @do_utimes(i32 -100, i8* %9, %struct.anon.54* %44, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utime32 ------------- Path:  Function:__x64_sys_utime32 %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.util_est* %9 = bitcast [2 x %struct.anon.54]* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %40, label %11 %13 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 0 %14 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %13, i64 4, i64 %12) #6, !srcloc !4 %15 = extractvalue { i32*, i64, i64 } %14, 0 %16 = extractvalue { i32*, i64, i64 } %14, 1 %17 = extractvalue { i32*, i64, i64 } %14, 2 %18 = ptrtoint i32* %15 to i64 %19 = shl i64 %16, 32 %20 = ashr exact i64 %19, 32 %21 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 store i64 %20, i64* %21, align 16 %22 = and i64 %18, 4294967295 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %44, !prof !5, !misexpect !6 %26 = getelementptr inbounds %struct.util_est, %struct.util_est* %8, i64 0, i32 1 %27 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %26, i64 4, i64 %25) #6, !srcloc !7 %28 = extractvalue { i32*, i64, i64 } %27, 0 %29 = extractvalue { i32*, i64, i64 } %27, 1 %30 = extractvalue { i32*, i64, i64 } %27, 2 %31 = ptrtoint i32* %28 to i64 %32 = shl i64 %29, 32 %33 = ashr exact i64 %32, 32 %34 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 store i64 %33, i64* %34, align 16 %35 = and i64 %31, 4294967295 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %44, !prof !5, !misexpect !6 %38 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %38, align 8 %39 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %39, align 8 br label %40 %41 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %42 = select i1 %10, %struct.anon.54* null, %struct.anon.54* %41 %43 = call i64 @do_utimes(i32 -100, i8* %5, %struct.anon.54* %42, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utime ------------- Path:  Function:__ia32_sys_utime %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = inttoptr i64 %5 to i8* %10 = inttoptr i64 %8 to %struct.anon.54* %11 = bitcast [2 x %struct.anon.54]* %2 to i8* %12 = icmp eq i64 %8, 0 br i1 %12, label %38, label %13 %15 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %10, i64 0, i32 0 %16 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64 8, i64 %14) #6, !srcloc !4 %17 = extractvalue { i64*, i64, i64 } %16, 0 %18 = extractvalue { i64*, i64, i64 } %16, 1 %19 = extractvalue { i64*, i64, i64 } %16, 2 %20 = ptrtoint i64* %17 to i64 %21 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 store i64 %18, i64* %21, align 16 %22 = and i64 %20, 4294967295 %23 = icmp eq i64 %22, 0 br i1 %23, label %24, label %42, !prof !5, !misexpect !6 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %10, i64 0, i32 1 %27 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %26, i64 8, i64 %25) #6, !srcloc !7 %28 = extractvalue { i64*, i64, i64 } %27, 0 %29 = extractvalue { i64*, i64, i64 } %27, 1 %30 = extractvalue { i64*, i64, i64 } %27, 2 %31 = ptrtoint i64* %28 to i64 %32 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 store i64 %29, i64* %32, align 16 %33 = and i64 %31, 4294967295 %34 = icmp eq i64 %33, 0 br i1 %34, label %35, label %42, !prof !5, !misexpect !6 %36 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %36, align 8 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %37, align 8 br label %38 %39 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %40 = select i1 %12, %struct.anon.54* null, %struct.anon.54* %39 %41 = call i64 @do_utimes(i32 -100, i8* %9, %struct.anon.54* %40, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utime ------------- Path:  Function:__x64_sys_utime %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = bitcast i64* %3 to i8** %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = inttoptr i64 %7 to %struct.anon.54* %9 = bitcast [2 x %struct.anon.54]* %2 to i8* %10 = icmp eq i64 %7, 0 br i1 %10, label %36, label %11 %13 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %14 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %13, i64 8, i64 %12) #6, !srcloc !4 %15 = extractvalue { i64*, i64, i64 } %14, 0 %16 = extractvalue { i64*, i64, i64 } %14, 1 %17 = extractvalue { i64*, i64, i64 } %14, 2 %18 = ptrtoint i64* %15 to i64 %19 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 store i64 %16, i64* %19, align 16 %20 = and i64 %18, 4294967295 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %40, !prof !5, !misexpect !6 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %25 = tail call { i64*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i64* %24, i64 8, i64 %23) #6, !srcloc !7 %26 = extractvalue { i64*, i64, i64 } %25, 0 %27 = extractvalue { i64*, i64, i64 } %25, 1 %28 = extractvalue { i64*, i64, i64 } %25, 2 %29 = ptrtoint i64* %26 to i64 %30 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 store i64 %27, i64* %30, align 16 %31 = and i64 %29, 4294967295 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %40, !prof !5, !misexpect !6 %34 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 store i64 0, i64* %34, align 8 %35 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 store i64 0, i64* %35, align 8 br label %36 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %38 = select i1 %10, %struct.anon.54* null, %struct.anon.54* %37 %39 = call i64 @do_utimes(i32 -100, i8* %5, %struct.anon.54* %38, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utimes ------------- Path:  Function:__ia32_sys_utimes %2 = alloca [2 x %struct.anon.54], align 16 %3 = alloca [2 x %struct.anon.54], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %6 to i8* %11 = bitcast [2 x %struct.anon.54]* %2 to i8* %12 = bitcast [2 x %struct.anon.54]* %3 to i8* %13 = icmp eq i64 %9, 0 br i1 %13, label %37, label %14 %15 = inttoptr i64 %9 to i8* %16 = call i64 @_copy_from_user(i8* nonnull %11, i8* nonnull %15, i64 32) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %41 %19 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %20 = load i64, i64* %19, align 8 %21 = icmp ugt i64 %20, 999999 br i1 %21, label %41, label %22 %23 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %24 = load i64, i64* %23, align 8 %25 = icmp ugt i64 %24, 999999 br i1 %25, label %41, label %26 %27 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 %28 = load i64, i64* %27, align 16 %29 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 0 store i64 %28, i64* %29, align 16 %30 = mul nuw nsw i64 %20, 1000 %31 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 1 store i64 %30, i64* %31, align 8 %32 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 %33 = load i64, i64* %32, align 16 %34 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 0 store i64 %33, i64* %34, align 16 %35 = mul nuw nsw i64 %24, 1000 %36 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 1 store i64 %35, i64* %36, align 8 br label %37 %38 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0 %39 = select i1 %13, %struct.anon.54* null, %struct.anon.54* %38 %40 = call i64 @do_utimes(i32 -100, i8* %10, %struct.anon.54* %39, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utimes ------------- Path:  Function:__x64_sys_utimes %2 = alloca [2 x %struct.anon.54], align 16 %3 = alloca [2 x %struct.anon.54], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = bitcast [2 x %struct.anon.54]* %2 to i8* %10 = bitcast [2 x %struct.anon.54]* %3 to i8* %11 = icmp eq i64 %8, 0 br i1 %11, label %35, label %12 %13 = inttoptr i64 %8 to i8* %14 = call i64 @_copy_from_user(i8* nonnull %9, i8* nonnull %13, i64 32) #69 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %39 %17 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %18 = load i64, i64* %17, align 8 %19 = icmp ugt i64 %18, 999999 br i1 %19, label %39, label %20 %21 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %22 = load i64, i64* %21, align 8 %23 = icmp ugt i64 %22, 999999 br i1 %23, label %39, label %24 %25 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 %26 = load i64, i64* %25, align 16 %27 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 0 store i64 %26, i64* %27, align 16 %28 = mul nuw nsw i64 %18, 1000 %29 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 1 store i64 %28, i64* %29, align 8 %30 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 %31 = load i64, i64* %30, align 16 %32 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 0 store i64 %31, i64* %32, align 16 %33 = mul nuw nsw i64 %22, 1000 %34 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 1 store i64 %33, i64* %34, align 8 br label %35 %36 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0 %37 = select i1 %11, %struct.anon.54* null, %struct.anon.54* %36 %38 = call i64 @do_utimes(i32 -100, i8* %6, %struct.anon.54* %37, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_futimesat ------------- Path:  Function:__ia32_sys_futimesat %2 = alloca [2 x %struct.anon.54], align 16 %3 = alloca [2 x %struct.anon.54], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %5 to i32 %13 = inttoptr i64 %8 to i8* %14 = bitcast [2 x %struct.anon.54]* %2 to i8* %15 = bitcast [2 x %struct.anon.54]* %3 to i8* %16 = icmp eq i64 %11, 0 br i1 %16, label %40, label %17 %18 = inttoptr i64 %11 to i8* %19 = call i64 @_copy_from_user(i8* nonnull %14, i8* nonnull %18, i64 32) #69 %20 = icmp eq i64 %19, 0 br i1 %20, label %21, label %44 %22 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %23 = load i64, i64* %22, align 8 %24 = icmp ugt i64 %23, 999999 br i1 %24, label %44, label %25 %26 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %27 = load i64, i64* %26, align 8 %28 = icmp ugt i64 %27, 999999 br i1 %28, label %44, label %29 %30 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 %31 = load i64, i64* %30, align 16 %32 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 0 store i64 %31, i64* %32, align 16 %33 = mul nuw nsw i64 %23, 1000 %34 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 1 store i64 %33, i64* %34, align 8 %35 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 %36 = load i64, i64* %35, align 16 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 0 store i64 %36, i64* %37, align 16 %38 = mul nuw nsw i64 %27, 1000 %39 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 1 store i64 %38, i64* %39, align 8 br label %40 %41 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0 %42 = select i1 %16, %struct.anon.54* null, %struct.anon.54* %41 %43 = call i64 @do_utimes(i32 %12, i8* %13, %struct.anon.54* %42, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_futimesat ------------- Path:  Function:__x64_sys_futimesat %2 = alloca [2 x %struct.anon.54], align 16 %3 = alloca [2 x %struct.anon.54], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = bitcast i64* %6 to i8** %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %5 to i32 %12 = bitcast [2 x %struct.anon.54]* %2 to i8* %13 = bitcast [2 x %struct.anon.54]* %3 to i8* %14 = icmp eq i64 %10, 0 br i1 %14, label %38, label %15 %16 = inttoptr i64 %10 to i8* %17 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %16, i64 32) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %42 %20 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %21 = load i64, i64* %20, align 8 %22 = icmp ugt i64 %21, 999999 br i1 %22, label %42, label %23 %24 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %25 = load i64, i64* %24, align 8 %26 = icmp ugt i64 %25, 999999 br i1 %26, label %42, label %27 %28 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 0 %29 = load i64, i64* %28, align 16 %30 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 0 store i64 %29, i64* %30, align 16 %31 = mul nuw nsw i64 %21, 1000 %32 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0, i32 1 store i64 %31, i64* %32, align 8 %33 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 0 %34 = load i64, i64* %33, align 16 %35 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 0 store i64 %34, i64* %35, align 16 %36 = mul nuw nsw i64 %25, 1000 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 1, i32 1 store i64 %36, i64* %37, align 8 br label %38 %39 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %3, i64 0, i64 0 %40 = select i1 %14, %struct.anon.54* null, %struct.anon.54* %39 %41 = call i64 @do_utimes(i32 %11, i8* %8, %struct.anon.54* %40, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_utimensat ------------- Path:  Function:__ia32_sys_utimensat %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to i8* %15 = inttoptr i64 %10 to %struct.anon.54* %16 = trunc i64 %12 to i32 %17 = bitcast [2 x %struct.anon.54]* %2 to i8* %18 = icmp eq i64 %10, 0 br i1 %18, label %36, label %19 %20 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %21 = call i32 @get_timespec64(%struct.anon.54* nonnull %20, %struct.anon.54* nonnull %15) #69 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %40 %24 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1 %25 = getelementptr %struct.anon.54, %struct.anon.54* %15, i64 1 %26 = call i32 @get_timespec64(%struct.anon.54* %24, %struct.anon.54* %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %40 %29 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp eq i64 %30, 1073741822 br i1 %31, label %32, label %36 %33 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %34 = load i64, i64* %33, align 8 %35 = icmp eq i64 %34, 1073741822 br i1 %35, label %40, label %36 %37 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %38 = select i1 %18, %struct.anon.54* null, %struct.anon.54* %37 %39 = call i64 @do_utimes(i32 %13, i8* %14, %struct.anon.54* %38, i32 %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_utimensat ------------- Path:  Function:__x64_sys_utimensat %2 = alloca [2 x %struct.anon.54], align 16 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = inttoptr i64 %9 to %struct.anon.54* %14 = trunc i64 %11 to i32 %15 = bitcast [2 x %struct.anon.54]* %2 to i8* %16 = icmp eq i64 %9, 0 br i1 %16, label %34, label %17 %18 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %19 = call i32 @get_timespec64(%struct.anon.54* nonnull %18, %struct.anon.54* nonnull %13) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %38 %22 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1 %23 = getelementptr %struct.anon.54, %struct.anon.54* %13, i64 1 %24 = call i32 @get_timespec64(%struct.anon.54* %22, %struct.anon.54* %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp eq i64 %28, 1073741822 br i1 %29, label %30, label %34 %31 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 1, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp eq i64 %32, 1073741822 br i1 %33, label %38, label %34 %35 = getelementptr inbounds [2 x %struct.anon.54], [2 x %struct.anon.54]* %2, i64 0, i64 0 %36 = select i1 %16, %struct.anon.54* null, %struct.anon.54* %35 %37 = call i64 @do_utimes(i32 %12, i8* %7, %struct.anon.54* %36, i32 %14) #69 ------------- Good: 4 Bad: 16 Ignored: 0 Check Use of Function:get_mm_exe_file Check Use of Function:compat_import_iovec Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %219 = zext i32 %91 to i64 %220 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %221 = load i32, i32* %220, align 8 %222 = inttoptr i64 %219 to %struct.user_msghdr* %223 = or i32 %221, -2147483648 %224 = call i64 @__sys_sendmsg(i32 %89, %struct.user_msghdr* %222, i32 %223, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __ia32_compat_sys_sendmsg ------------- Path:  Function:__ia32_compat_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __se_sys_socketcall 3 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %211 = trunc i64 %39 to i32 %212 = inttoptr i64 %41 to %struct.user_msghdr* %213 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %214 = load i64, i64* %213, align 16 %215 = trunc i64 %214 to i32 %216 = call i64 @__sys_sendmsg(i32 %211, %struct.user_msghdr* %212, i32 %215, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __se_sys_socketcall 3 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %211 = trunc i64 %39 to i32 %212 = inttoptr i64 %41 to %struct.user_msghdr* %213 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %214 = load i64, i64* %213, align 16 %215 = trunc i64 %214 to i32 %216 = call i64 @__sys_sendmsg(i32 %211, %struct.user_msghdr* %212, i32 %215, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __ia32_sys_sendmsg ------------- Path:  Function:__ia32_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.user_msghdr* %11 = trunc i64 %8 to i32 %12 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %10, i32 %11, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmsg 2 __x64_sys_sendmsg ------------- Path:  Function:__x64_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.user_msghdr** %6 = load %struct.user_msghdr*, %struct.user_msghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %6, i32 %10, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %8, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmmsg 2 __ia32_compat_sys_sendmmsg ------------- Path:  Function:__ia32_compat_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = inttoptr i64 %6 to %struct.mmsghdr* %15 = or i32 %13, -2147483648 %16 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %14, i32 %12, i32 %15, i1 zeroext false) #69 Function:__sys_sendmmsg %6 = alloca %struct.__kernel_sockaddr_storage, align 8 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.__kernel_sockaddr_storage, align 8 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.msghdr.250942, align 8 %12 = alloca %struct.used_address, align 8 %13 = bitcast %struct.msghdr.250942* %11 to i8* %14 = bitcast %struct.used_address* %12 to i8* %15 = xor i1 %4, true %16 = icmp sgt i32 %3, -1 %17 = or i1 %16, %15 br i1 %17, label %18, label %119 %19 = icmp ult i32 %2, 1024 %20 = select i1 %19, i32 %2, i32 1024 %21 = tail call i64 @__fdget(i32 %0) #69 %22 = and i64 %21, -4 %23 = inttoptr i64 %22 to %struct.file.250940* %24 = trunc i64 %21 to i32 %25 = icmp eq i64 %22, 0 br i1 %25, label %119, label %26 %27 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 3 %28 = load %struct.file_operations.250931*, %struct.file_operations.250931** %27, align 8 %29 = icmp eq %struct.file_operations.250931* %28, @socket_file_ops br i1 %29, label %30, label %35 %31 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 16 %32 = bitcast i8** %31 to %struct.socket.250973** %33 = load %struct.socket.250973*, %struct.socket.250973** %32, align 8 %34 = icmp eq %struct.socket.250973* %33, null br i1 %34, label %35, label %40, !prof !4, !misexpect !5 %41 = and i32 %24, 1 %42 = getelementptr inbounds %struct.used_address, %struct.used_address* %12, i64 0, i32 1 store i32 -1, i32* %42, align 8 %43 = icmp eq i32 %20, 0 br i1 %43, label %109, label %44 %45 = or i32 %3, 262144 %46 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %47 = add nsw i32 %20, -1 %48 = bitcast %struct.__kernel_sockaddr_storage* %8 to i8* %49 = bitcast [8 x %struct.iovec]* %9 to i8* %50 = bitcast %struct.iovec** %10 to i8* %51 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 %52 = bitcast %struct.msghdr.250942* %11 to %struct.__kernel_sockaddr_storage** %53 = bitcast %struct.iovec** %10 to i8** %54 = bitcast %struct.__kernel_sockaddr_storage* %6 to i8* %55 = bitcast %struct.iovec** %7 to i8* %56 = bitcast %struct.iovec** %7 to i8** %57 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %11, i64 0, i32 2, i32 2 br label %58 %59 = phi i32 [ %45, %44 ], [ %64, %106 ] %60 = phi i32 [ 0, %44 ], [ %103, %106 ] %61 = phi %struct.mmsghdr* [ %1, %44 ], [ %100, %106 ] %62 = phi %struct.compat_mmsghdr* [ %46, %44 ], [ %99, %106 ] %63 = icmp eq i32 %60, %47 %64 = select i1 %63, i32 %3, i32 %59 %65 = icmp sgt i32 %64, -1 br i1 %65, label %83, label %66 store %struct.iovec* %51, %struct.iovec** %10, align 8 store %struct.__kernel_sockaddr_storage* %8, %struct.__kernel_sockaddr_storage** %52, align 8 %67 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %62, i64 0, i32 0 %68 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %11, %struct.x86_pmu_capability* %67, %struct.sys_desc_table** null, %struct.iovec** nonnull %10) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmmsg 2 __ia32_sys_sendmmsg ------------- Path:  Function:__ia32_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to %struct.mmsghdr* %13 = trunc i64 %8 to i32 %14 = trunc i64 %10 to i32 %15 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %12, i32 %13, i32 %14, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.__kernel_sockaddr_storage, align 8 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.__kernel_sockaddr_storage, align 8 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.msghdr.250942, align 8 %12 = alloca %struct.used_address, align 8 %13 = bitcast %struct.msghdr.250942* %11 to i8* %14 = bitcast %struct.used_address* %12 to i8* %15 = xor i1 %4, true %16 = icmp sgt i32 %3, -1 %17 = or i1 %16, %15 br i1 %17, label %18, label %119 %19 = icmp ult i32 %2, 1024 %20 = select i1 %19, i32 %2, i32 1024 %21 = tail call i64 @__fdget(i32 %0) #69 %22 = and i64 %21, -4 %23 = inttoptr i64 %22 to %struct.file.250940* %24 = trunc i64 %21 to i32 %25 = icmp eq i64 %22, 0 br i1 %25, label %119, label %26 %27 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 3 %28 = load %struct.file_operations.250931*, %struct.file_operations.250931** %27, align 8 %29 = icmp eq %struct.file_operations.250931* %28, @socket_file_ops br i1 %29, label %30, label %35 %31 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 16 %32 = bitcast i8** %31 to %struct.socket.250973** %33 = load %struct.socket.250973*, %struct.socket.250973** %32, align 8 %34 = icmp eq %struct.socket.250973* %33, null br i1 %34, label %35, label %40, !prof !4, !misexpect !5 %41 = and i32 %24, 1 %42 = getelementptr inbounds %struct.used_address, %struct.used_address* %12, i64 0, i32 1 store i32 -1, i32* %42, align 8 %43 = icmp eq i32 %20, 0 br i1 %43, label %109, label %44 %45 = or i32 %3, 262144 %46 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %47 = add nsw i32 %20, -1 %48 = bitcast %struct.__kernel_sockaddr_storage* %8 to i8* %49 = bitcast [8 x %struct.iovec]* %9 to i8* %50 = bitcast %struct.iovec** %10 to i8* %51 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 %52 = bitcast %struct.msghdr.250942* %11 to %struct.__kernel_sockaddr_storage** %53 = bitcast %struct.iovec** %10 to i8** %54 = bitcast %struct.__kernel_sockaddr_storage* %6 to i8* %55 = bitcast %struct.iovec** %7 to i8* %56 = bitcast %struct.iovec** %7 to i8** %57 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %11, i64 0, i32 2, i32 2 br label %58 %59 = phi i32 [ %45, %44 ], [ %64, %106 ] %60 = phi i32 [ 0, %44 ], [ %103, %106 ] %61 = phi %struct.mmsghdr* [ %1, %44 ], [ %100, %106 ] %62 = phi %struct.compat_mmsghdr* [ %46, %44 ], [ %99, %106 ] %63 = icmp eq i32 %60, %47 %64 = select i1 %63, i32 %3, i32 %59 %65 = icmp sgt i32 %64, -1 br i1 %65, label %83, label %66 store %struct.iovec* %51, %struct.iovec** %10, align 8 store %struct.__kernel_sockaddr_storage* %8, %struct.__kernel_sockaddr_storage** %52, align 8 %67 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %62, i64 0, i32 0 %68 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %11, %struct.x86_pmu_capability* %67, %struct.sys_desc_table** null, %struct.iovec** nonnull %10) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_sendmmsg 2 __x64_sys_sendmmsg ------------- Path:  Function:__x64_sys_sendmmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.mmsghdr** %6 = load %struct.mmsghdr*, %struct.mmsghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i32 %13 = trunc i64 %10 to i32 %14 = tail call i32 @__sys_sendmmsg(i32 %11, %struct.mmsghdr* %6, i32 %12, i32 %13, i1 zeroext true) #69 Function:__sys_sendmmsg %6 = alloca %struct.__kernel_sockaddr_storage, align 8 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.__kernel_sockaddr_storage, align 8 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.msghdr.250942, align 8 %12 = alloca %struct.used_address, align 8 %13 = bitcast %struct.msghdr.250942* %11 to i8* %14 = bitcast %struct.used_address* %12 to i8* %15 = xor i1 %4, true %16 = icmp sgt i32 %3, -1 %17 = or i1 %16, %15 br i1 %17, label %18, label %119 %19 = icmp ult i32 %2, 1024 %20 = select i1 %19, i32 %2, i32 1024 %21 = tail call i64 @__fdget(i32 %0) #69 %22 = and i64 %21, -4 %23 = inttoptr i64 %22 to %struct.file.250940* %24 = trunc i64 %21 to i32 %25 = icmp eq i64 %22, 0 br i1 %25, label %119, label %26 %27 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 3 %28 = load %struct.file_operations.250931*, %struct.file_operations.250931** %27, align 8 %29 = icmp eq %struct.file_operations.250931* %28, @socket_file_ops br i1 %29, label %30, label %35 %31 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %23, i64 0, i32 16 %32 = bitcast i8** %31 to %struct.socket.250973** %33 = load %struct.socket.250973*, %struct.socket.250973** %32, align 8 %34 = icmp eq %struct.socket.250973* %33, null br i1 %34, label %35, label %40, !prof !4, !misexpect !5 %41 = and i32 %24, 1 %42 = getelementptr inbounds %struct.used_address, %struct.used_address* %12, i64 0, i32 1 store i32 -1, i32* %42, align 8 %43 = icmp eq i32 %20, 0 br i1 %43, label %109, label %44 %45 = or i32 %3, 262144 %46 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %47 = add nsw i32 %20, -1 %48 = bitcast %struct.__kernel_sockaddr_storage* %8 to i8* %49 = bitcast [8 x %struct.iovec]* %9 to i8* %50 = bitcast %struct.iovec** %10 to i8* %51 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 %52 = bitcast %struct.msghdr.250942* %11 to %struct.__kernel_sockaddr_storage** %53 = bitcast %struct.iovec** %10 to i8** %54 = bitcast %struct.__kernel_sockaddr_storage* %6 to i8* %55 = bitcast %struct.iovec** %7 to i8* %56 = bitcast %struct.iovec** %7 to i8** %57 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %11, i64 0, i32 2, i32 2 br label %58 %59 = phi i32 [ %45, %44 ], [ %64, %106 ] %60 = phi i32 [ 0, %44 ], [ %103, %106 ] %61 = phi %struct.mmsghdr* [ %1, %44 ], [ %100, %106 ] %62 = phi %struct.compat_mmsghdr* [ %46, %44 ], [ %99, %106 ] %63 = icmp eq i32 %60, %47 %64 = select i1 %63, i32 %3, i32 %59 %65 = icmp sgt i32 %64, -1 br i1 %65, label %83, label %66 store %struct.iovec* %51, %struct.iovec** %10, align 8 store %struct.__kernel_sockaddr_storage* %8, %struct.__kernel_sockaddr_storage** %52, align 8 %67 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %62, i64 0, i32 0 %68 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %11, %struct.x86_pmu_capability* %67, %struct.sys_desc_table** null, %struct.iovec** nonnull %10) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_recvmsg 2 __ia32_compat_sys_recvmsg ------------- Path:  Function:__ia32_compat_sys_recvmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_recvmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_recvmsg %5 = alloca %struct.user_msghdr, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.sys_desc_table*, align 8 %9 = alloca %struct.msghdr.250942, align 8 %10 = bitcast %struct.msghdr.250942* %9 to i8* %11 = xor i1 %3, true %12 = icmp sgt i32 %2, -1 %13 = or i1 %12, %11 br i1 %13, label %14, label %112 %15 = tail call i64 @__fdget(i32 %0) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.250940* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %109, label %20 %21 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 3 %22 = load %struct.file_operations.250931*, %struct.file_operations.250931** %21, align 8 %23 = icmp eq %struct.file_operations.250931* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.250973** %27 = load %struct.socket.250973*, %struct.socket.250973** %26, align 8 %28 = icmp eq %struct.socket.250973* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.sys_desc_table** %8 to i8* br i1 %12, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %9, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** nonnull %8, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_recvmsg 2 __ia32_sys_recvmsg ------------- Path:  Function:__ia32_sys_recvmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.user_msghdr* %11 = trunc i64 %8 to i32 %12 = tail call i64 @__sys_recvmsg(i32 %9, %struct.user_msghdr* %10, i32 %11, i1 zeroext true) #69 Function:__sys_recvmsg %5 = alloca %struct.user_msghdr, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.sys_desc_table*, align 8 %9 = alloca %struct.msghdr.250942, align 8 %10 = bitcast %struct.msghdr.250942* %9 to i8* %11 = xor i1 %3, true %12 = icmp sgt i32 %2, -1 %13 = or i1 %12, %11 br i1 %13, label %14, label %112 %15 = tail call i64 @__fdget(i32 %0) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.250940* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %109, label %20 %21 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 3 %22 = load %struct.file_operations.250931*, %struct.file_operations.250931** %21, align 8 %23 = icmp eq %struct.file_operations.250931* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.250973** %27 = load %struct.socket.250973*, %struct.socket.250973** %26, align 8 %28 = icmp eq %struct.socket.250973* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.sys_desc_table** %8 to i8* br i1 %12, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %9, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** nonnull %8, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 __sys_recvmsg 2 __x64_sys_recvmsg ------------- Path:  Function:__x64_sys_recvmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.user_msghdr** %6 = load %struct.user_msghdr*, %struct.user_msghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__sys_recvmsg(i32 %9, %struct.user_msghdr* %6, i32 %10, i1 zeroext true) #69 Function:__sys_recvmsg %5 = alloca %struct.user_msghdr, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.sys_desc_table*, align 8 %9 = alloca %struct.msghdr.250942, align 8 %10 = bitcast %struct.msghdr.250942* %9 to i8* %11 = xor i1 %3, true %12 = icmp sgt i32 %2, -1 %13 = or i1 %12, %11 br i1 %13, label %14, label %112 %15 = tail call i64 @__fdget(i32 %0) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.250940* %18 = trunc i64 %15 to i32 %19 = icmp eq i64 %16, 0 br i1 %19, label %109, label %20 %21 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 3 %22 = load %struct.file_operations.250931*, %struct.file_operations.250931** %21, align 8 %23 = icmp eq %struct.file_operations.250931* %22, @socket_file_ops br i1 %23, label %24, label %29 %25 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %17, i64 0, i32 16 %26 = bitcast i8** %25 to %struct.socket.250973** %27 = load %struct.socket.250973*, %struct.socket.250973** %26, align 8 %28 = icmp eq %struct.socket.250973* %27, null br i1 %28, label %29, label %34, !prof !4, !misexpect !5 %35 = and i32 %18, 1 %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.sys_desc_table** %8 to i8* br i1 %12, label %43, label %40 %41 = bitcast %struct.user_msghdr* %1 to %struct.x86_pmu_capability* %42 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %9, %struct.x86_pmu_capability* %41, %struct.sys_desc_table** nonnull %8, %struct.iovec** nonnull %7) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __ia32_sys_recvmmsg_time32 ------------- Path:  Function:__ia32_sys_recvmmsg_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = trunc i64 %4 to i32 %16 = inttoptr i64 %7 to %struct.mmsghdr* %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = icmp sgt i32 %18, -1 br i1 %19, label %20, label %39 %21 = bitcast %struct.anon.54* %2 to i8* %22 = icmp eq i64 %14, 0 br i1 %22, label %27, label %23 %24 = inttoptr i64 %14 to i8* %25 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %24) #69 %26 = icmp eq i32 %25, 0 br i1 %26, label %29, label %36 %30 = call fastcc i32 @do_recvmmsg(i32 %15, %struct.mmsghdr* %16, i32 %17, i32 %18, %struct.anon.54* nonnull %2) #69 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __x64_sys_recvmmsg_time32 ------------- Path:  Function:__x64_sys_recvmmsg_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.mmsghdr** %7 = load %struct.mmsghdr*, %struct.mmsghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %9 to i32 %16 = trunc i64 %11 to i32 %17 = icmp sgt i32 %16, -1 br i1 %17, label %18, label %37 %19 = bitcast %struct.anon.54* %2 to i8* %20 = icmp eq i64 %13, 0 br i1 %20, label %25, label %21 %22 = inttoptr i64 %13 to i8* %23 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %22) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %34 %28 = call fastcc i32 @do_recvmmsg(i32 %14, %struct.mmsghdr* %7, i32 %15, i32 %16, %struct.anon.54* nonnull %2) #69 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __ia32_sys_recvmmsg ------------- Path:  Function:__ia32_sys_recvmmsg %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = trunc i64 %4 to i32 %16 = inttoptr i64 %7 to %struct.mmsghdr* %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = inttoptr i64 %14 to %struct.anon.54* %20 = icmp sgt i32 %18, -1 br i1 %20, label %21, label %39 %22 = bitcast %struct.anon.54* %2 to i8* %23 = icmp eq i64 %14, 0 br i1 %23, label %27, label %24 %25 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %26 = icmp eq i32 %25, 0 br i1 %26, label %29, label %36 %30 = call fastcc i32 @do_recvmmsg(i32 %15, %struct.mmsghdr* %16, i32 %17, i32 %18, %struct.anon.54* nonnull %2) #69 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __x64_sys_recvmmsg ------------- Path:  Function:__x64_sys_recvmmsg %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.mmsghdr** %7 = load %struct.mmsghdr*, %struct.mmsghdr** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %9 to i32 %16 = trunc i64 %11 to i32 %17 = inttoptr i64 %13 to %struct.anon.54* %18 = icmp sgt i32 %16, -1 br i1 %18, label %19, label %37 %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %13, 0 br i1 %21, label %25, label %22 %23 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %17) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %34 %28 = call fastcc i32 @do_recvmmsg(i32 %14, %struct.mmsghdr* %7, i32 %15, i32 %16, %struct.anon.54* nonnull %2) #69 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __sys_recvmmsg 3 __ia32_compat_sys_recvmmsg_time32 ------------- Path:  Function:__ia32_compat_sys_recvmmsg_time32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %10 to i32 %17 = inttoptr i64 %13 to %struct.util_est* %18 = inttoptr i64 %6 to %struct.mmsghdr* %19 = or i32 %16, -2147483648 %20 = tail call i32 @__sys_recvmmsg(i32 %14, %struct.mmsghdr* %18, i32 %15, i32 %19, %struct.anon.54* null, %struct.util_est* %17) #69 Function:__sys_recvmmsg %7 = alloca %struct.anon.54, align 8 %8 = bitcast %struct.anon.54* %7 to i8* %9 = icmp eq %struct.anon.54* %4, null br i1 %9, label %13, label %10 %11 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %4) #69 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %44 %16 = icmp eq %struct.util_est* %5, null br i1 %16, label %26, label %17 %27 = call fastcc i32 @do_recvmmsg(i32 %0, %struct.mmsghdr* %1, i32 %2, i32 %3, %struct.anon.54* nonnull %7) #70 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_msghdr 1 do_recvmmsg 2 __sys_recvmmsg 3 __ia32_compat_sys_recvmmsg_time64 ------------- Path:  Function:__ia32_compat_sys_recvmmsg_time64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %10 to i32 %17 = inttoptr i64 %13 to %struct.anon.54* %18 = inttoptr i64 %6 to %struct.mmsghdr* %19 = or i32 %16, -2147483648 %20 = tail call i32 @__sys_recvmmsg(i32 %14, %struct.mmsghdr* %18, i32 %15, i32 %19, %struct.anon.54* %17, %struct.util_est* null) #69 Function:__sys_recvmmsg %7 = alloca %struct.anon.54, align 8 %8 = bitcast %struct.anon.54* %7 to i8* %9 = icmp eq %struct.anon.54* %4, null br i1 %9, label %13, label %10 %11 = call i32 @get_timespec64(%struct.anon.54* nonnull %7, %struct.anon.54* nonnull %4) #69 %12 = icmp eq i32 %11, 0 br i1 %12, label %15, label %44 %16 = icmp eq %struct.util_est* %5, null br i1 %16, label %26, label %17 %27 = call fastcc i32 @do_recvmmsg(i32 %0, %struct.mmsghdr* %1, i32 %2, i32 %3, %struct.anon.54* nonnull %7) #70 Function:do_recvmmsg %6 = alloca %struct.user_msghdr, align 8 %7 = alloca %struct.user_msghdr, align 8 %8 = alloca %struct.anon.54, align 8 %9 = alloca %struct.iovec*, align 8 %10 = alloca %struct.sys_desc_table*, align 8 %11 = alloca [8 x %struct.iovec], align 16 %12 = alloca %struct.iovec*, align 8 %13 = alloca %struct.sys_desc_table*, align 8 %14 = alloca %struct.msghdr.250942, align 8 %15 = alloca %struct.anon.54, align 8 %16 = alloca %struct.anon.54, align 8 %17 = bitcast %struct.msghdr.250942* %14 to i8* %18 = bitcast %struct.anon.54* %15 to i8* %19 = bitcast %struct.anon.54* %16 to i8* %20 = icmp eq %struct.anon.54* %4, null br i1 %20, label %28, label %21 %22 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %23 = load i64, i64* %22, align 8 %24 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 %25 = load i64, i64* %24, align 8 %26 = call i32 @poll_select_set_timeout(%struct.anon.54* nonnull %15, i64 %23, i64 %25) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %279 %29 = call i64 @__fdget(i32 %0) #69 %30 = and i64 %29, -4 %31 = inttoptr i64 %30 to %struct.file.250940* %32 = trunc i64 %29 to i32 %33 = icmp eq i64 %30, 0 br i1 %33, label %279, label %34 %35 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 3 %36 = load %struct.file_operations.250931*, %struct.file_operations.250931** %35, align 8 %37 = icmp eq %struct.file_operations.250931* %36, @socket_file_ops br i1 %37, label %38, label %43 %39 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %31, i64 0, i32 16 %40 = bitcast i8** %39 to %struct.socket.250973** %41 = load %struct.socket.250973*, %struct.socket.250973** %40, align 8 %42 = icmp eq %struct.socket.250973* %41, null br i1 %42, label %43, label %48, !prof !4, !misexpect !5 %49 = and i32 %32, 1 %50 = and i32 %3, 8192 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %62, !prof !6, !misexpect !5 %53 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %41, i64 0, i32 4 %54 = load %struct.sock.250976*, %struct.sock.250976** %53, align 8 %55 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %54, i64 0, i32 50 %56 = load i32, i32* %55, align 8 %57 = icmp eq i32 %56, 0 br i1 %57, label %62, label %58, !prof !6, !misexpect !5 %63 = phi i32 [ 0, %52 ], [ 0, %58 ], [ -9, %48 ] %64 = icmp eq i32 %2, 0 br i1 %64, label %273, label %65 %66 = bitcast %struct.mmsghdr* %1 to %struct.compat_mmsghdr* %67 = bitcast [8 x %struct.iovec]* %11 to i8* %68 = bitcast %struct.iovec** %12 to i8* %69 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %11, i64 0, i64 0 %70 = bitcast %struct.sys_desc_table** %13 to i8* %71 = bitcast %struct.user_msghdr* %7 to i8* %72 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 4 %73 = bitcast i8** %72 to i64* %74 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 3 %75 = bitcast i8** %74 to i64* %76 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 5 %77 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 4 %78 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 6 %79 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 5 %80 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 1 %81 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 1 %82 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 0 %83 = bitcast %struct.sys_desc_table** %13 to i64* %84 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 0 %85 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 3 %86 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 6 %87 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %7, i64 0, i32 2 %88 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %14, i64 0, i32 2 %89 = bitcast %struct.iovec** %12 to i8** %90 = bitcast %struct.iovec** %9 to i8* %91 = bitcast %struct.sys_desc_table** %10 to i8* %92 = bitcast %struct.user_msghdr* %6 to i8* %93 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 4 %94 = bitcast i8** %93 to i64* %95 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 5 %96 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 6 %97 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 1 %98 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 0 %99 = bitcast %struct.sys_desc_table** %10 to i64* %100 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 3 %101 = getelementptr inbounds %struct.user_msghdr, %struct.user_msghdr* %6, i64 0, i32 2 %102 = bitcast %struct.iovec** %9 to i8** %103 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 0 %104 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %15, i64 0, i32 1 %105 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 0 %106 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %16, i64 0, i32 1 %107 = bitcast %struct.anon.54* %8 to i8* %108 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 %109 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 %110 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 0 %111 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %4, i64 0, i32 1 br label %112 %113 = phi i32 [ %3, %65 ], [ %240, %260 ] %114 = phi i32 [ 0, %65 ], [ %237, %260 ] %115 = phi %struct.mmsghdr* [ %1, %65 ], [ %234, %260 ] %116 = phi %struct.compat_mmsghdr* [ %66, %65 ], [ %233, %260 ] %117 = icmp sgt i32 %113, -1 br i1 %117, label %176, label %118 %119 = bitcast %struct.compat_mmsghdr* %116 to %struct.user_msghdr* %120 = and i32 %113, -65537 store %struct.iovec* %69, %struct.iovec** %12, align 8 %121 = icmp sgt i32 %120, -1 br i1 %121, label %125, label %122 %123 = getelementptr %struct.compat_mmsghdr, %struct.compat_mmsghdr* %116, i64 0, i32 0 %124 = call i32 @get_compat_msghdr(%struct.msghdr.250942* nonnull %14, %struct.x86_pmu_capability* %123, %struct.sys_desc_table** nonnull %13, %struct.iovec** nonnull %12) #69 Function:get_compat_msghdr %5 = alloca %struct.x86_pmu_capability, align 4 %6 = bitcast %struct.x86_pmu_capability* %5 to i8* %7 = bitcast %struct.x86_pmu_capability* %1 to i8* %8 = call i64 @_copy_from_user(i8* nonnull %6, i8* %7, i64 28) #69 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %70 %11 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 6 %12 = load i32, i32* %11, align 4 %13 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 5 store i32 %12, i32* %13, align 8 %14 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 1 %17 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 0 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 %20 = select i1 %19, i32 0, i32 %15 store i32 %20, i32* %16, align 8 %21 = icmp slt i32 %20, 0 br i1 %21, label %70, label %22 %23 = icmp ugt i32 %20, 128 br i1 %23, label %24, label %25 store i32 128, i32* %16, align 8 br label %25 %26 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = zext i32 %27 to i64 %29 = inttoptr i64 %28 to i8* %30 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 3 store i8* %29, i8** %30, align 8 %31 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 5 %32 = load i32, i32* %31, align 4 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 4 store i64 %33, i64* %34, align 8 %35 = icmp eq %struct.sys_desc_table** %2, null br i1 %35, label %40, label %36 br i1 %19, label %52, label %41 %42 = load i32, i32* %16, align 8 %43 = icmp eq i32 %42, 0 br i1 %43, label %52, label %44 br i1 %35, label %45, label %54 %55 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 3 %56 = load i32, i32* %55, align 4 %57 = icmp ugt i32 %56, 1024 br i1 %57, label %70, label %58 %59 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 6 store %struct.kiocb.250941* null, %struct.kiocb.250941** %59, align 8 %60 = zext i1 %35 to i32 %61 = getelementptr inbounds %struct.x86_pmu_capability, %struct.x86_pmu_capability* %5, i64 0, i32 2 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = inttoptr i64 %63 to %struct.util_est* %65 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %0, i64 0, i32 2 %66 = call i64 @compat_import_iovec(i32 %60, %struct.util_est* %64, i32 %56, i32 8, %struct.iovec** %3, %struct.iov_iter* %65) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_process_vm_rw 1 __ia32_compat_sys_process_vm_writev ------------- Path:  Function:__ia32_compat_sys_process_vm_writev %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to %struct.util_est* %21 = inttoptr i64 %12 to %struct.util_est* %22 = tail call fastcc i64 @compat_process_vm_rw(i32 %19, %struct.util_est* %20, i64 %9, %struct.util_est* %21, i64 %15, i64 %18, i32 1) #69 Function:compat_process_vm_rw %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.iovec*, align 8 %12 = alloca %struct.iov_iter, align 8 %13 = bitcast [8 x %struct.iovec]* %8 to i8* %14 = bitcast [8 x %struct.iovec]* %9 to i8* %15 = bitcast %struct.iovec** %10 to i8* %16 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %16, %struct.iovec** %10, align 8 %17 = bitcast %struct.iovec** %11 to i8* %18 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 store %struct.iovec* %18, %struct.iovec** %11, align 8 %19 = bitcast %struct.iov_iter* %12 to i8* %20 = icmp eq i64 %5, 0 br i1 %20, label %21, label %46 %22 = icmp ne i32 %6, 0 %23 = zext i1 %22 to i32 %24 = trunc i64 %2 to i32 %25 = call i64 @compat_import_iovec(i32 %23, %struct.util_est* %1, i32 %24, i32 8, %struct.iovec** nonnull %10, %struct.iov_iter* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_process_vm_rw 1 __ia32_compat_sys_process_vm_readv ------------- Path:  Function:__ia32_compat_sys_process_vm_readv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %3 to i32 %20 = inttoptr i64 %6 to %struct.util_est* %21 = inttoptr i64 %12 to %struct.util_est* %22 = tail call fastcc i64 @compat_process_vm_rw(i32 %19, %struct.util_est* %20, i64 %9, %struct.util_est* %21, i64 %15, i64 %18, i32 0) #69 Function:compat_process_vm_rw %8 = alloca [8 x %struct.iovec], align 16 %9 = alloca [8 x %struct.iovec], align 16 %10 = alloca %struct.iovec*, align 8 %11 = alloca %struct.iovec*, align 8 %12 = alloca %struct.iov_iter, align 8 %13 = bitcast [8 x %struct.iovec]* %8 to i8* %14 = bitcast [8 x %struct.iovec]* %9 to i8* %15 = bitcast %struct.iovec** %10 to i8* %16 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %8, i64 0, i64 0 store %struct.iovec* %16, %struct.iovec** %10, align 8 %17 = bitcast %struct.iovec** %11 to i8* %18 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %9, i64 0, i64 0 store %struct.iovec* %18, %struct.iovec** %11, align 8 %19 = bitcast %struct.iov_iter* %12 to i8* %20 = icmp eq i64 %5, 0 br i1 %20, label %21, label %46 %22 = icmp ne i32 %6, 0 %23 = zext i1 %22 to i32 %24 = trunc i64 %2 to i32 %25 = call i64 @compat_import_iovec(i32 %23, %struct.util_est* %1, i32 %24, i32 8, %struct.iovec** nonnull %10, %struct.iov_iter* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv64 ------------- Path:  Function:__ia32_compat_sys_preadv64 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = inttoptr i64 %10 to %struct.util_est* %17 = bitcast i64* %5 to i8* store i64 %15, i64* %5, align 8 %18 = trunc i64 %7 to i32 %19 = tail call i64 @__fdget(i32 %18) #69 %20 = and i64 %19, -4 %21 = inttoptr i64 %20 to %struct.file.96774* %22 = icmp eq i64 %20, 0 br i1 %22, label %57, label %23 %24 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %21, i64 0, i32 8 %25 = load i32, i32* %24, align 4 %26 = and i32 %25, 8 %27 = icmp eq i32 %26, 0 br i1 %27, label %52, label %28 %29 = bitcast [8 x %struct.iovec]* %2 to i8* %30 = bitcast %struct.iovec** %3 to i8* %31 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %31, %struct.iovec** %3, align 8 %32 = bitcast %struct.iov_iter* %4 to i8* %33 = trunc i64 %12 to i32 %34 = call i64 @compat_import_iovec(i32 0, %struct.util_est* %16, i32 %33, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv ------------- Path:  Function:__ia32_compat_sys_preadv %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %10 to %struct.util_est* %19 = trunc i64 %12 to i32 %20 = shl i64 %17, 32 %21 = or i64 %20, %15 %22 = bitcast i64* %5 to i8* store i64 %21, i64* %5, align 8 %23 = icmp slt i64 %21, 0 br i1 %23, label %63, label %24 %25 = trunc i64 %7 to i32 %26 = tail call i64 @__fdget(i32 %25) #69 %27 = and i64 %26, -4 %28 = inttoptr i64 %27 to %struct.file.96774* %29 = icmp eq i64 %27, 0 br i1 %29, label %63, label %30 %31 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %28, i64 0, i32 8 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 8 %34 = icmp eq i32 %33, 0 br i1 %34, label %58, label %35 %36 = bitcast [8 x %struct.iovec]* %2 to i8* %37 = bitcast %struct.iovec** %3 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %3, align 8 %39 = bitcast %struct.iov_iter* %4 to i8* %40 = call i64 @compat_import_iovec(i32 0, %struct.util_est* %18, i32 %19, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv64v2 ------------- Path:  Function:__ia32_compat_sys_preadv64v2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = inttoptr i64 %10 to %struct.util_est* %19 = trunc i64 %17 to i32 %20 = bitcast i64* %5 to i8* store i64 %15, i64* %5, align 8 %21 = trunc i64 %7 to i32 %22 = tail call i64 @__fdget(i32 %21) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.96774* %25 = icmp eq i64 %23, 0 br i1 %25, label %60, label %26 %27 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %24, i64 0, i32 8 %28 = load i32, i32* %27, align 4 %29 = and i32 %28, 8 %30 = icmp eq i32 %29, 0 br i1 %30, label %55, label %31 %32 = bitcast [8 x %struct.iovec]* %2 to i8* %33 = bitcast %struct.iovec** %3 to i8* %34 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %34, %struct.iovec** %3, align 8 %35 = bitcast %struct.iov_iter* %4 to i8* %36 = trunc i64 %12 to i32 %37 = call i64 @compat_import_iovec(i32 0, %struct.util_est* %18, i32 %36, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_preadv2 ------------- Path:  Function:__ia32_compat_sys_preadv2 %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = alloca [8 x %struct.iovec], align 16 %6 = alloca %struct.iovec*, align 8 %7 = alloca %struct.iov_iter, align 8 %8 = alloca i64, align 8 %9 = alloca i64, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %21 = load i64, i64* %20, align 8 %22 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %23 = load i64, i64* %22, align 8 %24 = trunc i64 %11 to i32 %25 = inttoptr i64 %14 to %struct.util_est* %26 = trunc i64 %16 to i32 %27 = trunc i64 %23 to i32 %28 = shl i64 %21, 32 %29 = or i64 %28, %19 %30 = icmp eq i64 %29, -1 br i1 %30, label %31, label %76 %77 = bitcast i64* %8 to i8* store i64 %29, i64* %8, align 8 %78 = icmp slt i64 %29, 0 br i1 %78, label %117, label %79 %80 = tail call i64 @__fdget(i32 %24) #69 %81 = and i64 %80, -4 %82 = inttoptr i64 %81 to %struct.file.96774* %83 = icmp eq i64 %81, 0 br i1 %83, label %117, label %84 %85 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %82, i64 0, i32 8 %86 = load i32, i32* %85, align 4 %87 = and i32 %86, 8 %88 = icmp eq i32 %87, 0 br i1 %88, label %112, label %89 %90 = bitcast [8 x %struct.iovec]* %2 to i8* %91 = bitcast %struct.iovec** %3 to i8* %92 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %92, %struct.iovec** %3, align 8 %93 = bitcast %struct.iov_iter* %4 to i8* %94 = call i64 @compat_import_iovec(i32 0, %struct.util_est* %25, i32 %26, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev2 ------------- Path:  Function:__ia32_compat_sys_pwritev2 %2 = alloca i64, align 8 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %8 to %struct.util_est* %21 = trunc i64 %18 to i32 %22 = shl i64 %16, 32 %23 = or i64 %22, %14 %24 = icmp eq i64 %23, -1 br i1 %24, label %25, label %49 %50 = bitcast i64* %2 to i8* store i64 %23, i64* %2, align 8 %51 = icmp slt i64 %23, 0 br i1 %51, label %69, label %52 %53 = tail call i64 @__fdget(i32 %19) #69 %54 = and i64 %53, -4 %55 = inttoptr i64 %54 to %struct.file.96774* %56 = icmp eq i64 %54, 0 br i1 %56, label %69, label %57 %58 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %55, i64 0, i32 8 %59 = load i32, i32* %58, align 4 %60 = and i32 %59, 16 %61 = icmp eq i32 %60, 0 br i1 %61, label %64, label %62 %63 = call fastcc i64 @compat_writev(%struct.file.96774* nonnull %55, %struct.util_est* %20, i64 %11, i64* nonnull %2, i32 %21) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i64 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev64v2 ------------- Path:  Function:__ia32_compat_sys_pwritev64v2 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = inttoptr i64 %7 to %struct.util_est* %17 = trunc i64 %15 to i32 %18 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %19 = trunc i64 %4 to i32 %20 = tail call i64 @__fdget(i32 %19) #69 %21 = and i64 %20, -4 %22 = inttoptr i64 %21 to %struct.file.96774* %23 = icmp eq i64 %21, 0 br i1 %23, label %36, label %24 %25 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %22, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 16 %28 = icmp eq i32 %27, 0 br i1 %28, label %31, label %29 %30 = call fastcc i64 @compat_writev(%struct.file.96774* nonnull %22, %struct.util_est* %16, i64 %10, i64* nonnull %2, i32 %17) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i64 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev ------------- Path:  Function:__ia32_compat_sys_pwritev %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = inttoptr i64 %7 to %struct.util_est* %17 = shl i64 %15, 32 %18 = or i64 %17, %13 %19 = bitcast i64* %2 to i8* store i64 %18, i64* %2, align 8 %20 = icmp slt i64 %18, 0 br i1 %20, label %39, label %21 %22 = trunc i64 %4 to i32 %23 = tail call i64 @__fdget(i32 %22) #69 %24 = and i64 %23, -4 %25 = inttoptr i64 %24 to %struct.file.96774* %26 = icmp eq i64 %24, 0 br i1 %26, label %39, label %27 %28 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %25, i64 0, i32 8 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 16 %31 = icmp eq i32 %30, 0 br i1 %31, label %34, label %32 %33 = call fastcc i64 @compat_writev(%struct.file.96774* nonnull %25, %struct.util_est* %16, i64 %10, i64* nonnull %2, i32 0) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i64 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_writev 1 __ia32_compat_sys_pwritev64 ------------- Path:  Function:__ia32_compat_sys_pwritev64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to %struct.util_est* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call fastcc i64 @compat_writev(%struct.file.96774* nonnull %19, %struct.util_est* %14, i64 %10, i64* nonnull %2, i32 0) #69 Function:compat_writev %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = bitcast [8 x %struct.iovec]* %6 to i8* %10 = bitcast %struct.iovec** %7 to i8* %11 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %11, %struct.iovec** %7, align 8 %12 = bitcast %struct.iov_iter* %8 to i8* %13 = trunc i64 %2 to i32 %14 = call i64 @compat_import_iovec(i32 1, %struct.util_est* %1, i32 %13, i32 8, %struct.iovec** nonnull %7, %struct.iov_iter* nonnull %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_vmsplice ------------- Path:  Function:__ia32_compat_sys_vmsplice %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %6 to i32 %15 = inttoptr i64 %9 to %struct.util_est* %16 = trunc i64 %11 to i32 %17 = trunc i64 %13 to i32 %18 = bitcast [8 x %struct.iovec]* %2 to i8* %19 = bitcast %struct.iovec** %3 to i8* %20 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %20, %struct.iovec** %3, align 8 %21 = bitcast %struct.iov_iter* %4 to i8* %22 = call i64 @__fdget(i32 %14) #69 %23 = and i64 %22, -4 %24 = inttoptr i64 %23 to %struct.file.140861* %25 = trunc i64 %22 to i32 %26 = icmp eq i64 %23, 0 br i1 %26, label %52, label %27 %28 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %24, i64 0, i32 8 %29 = load i32, i32* %28, align 4 %30 = and i32 %29, 2 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %39 %33 = and i32 %29, 1 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %39 %40 = phi i32 [ 1, %27 ], [ 0, %32 ] %41 = call i64 @compat_import_iovec(i32 %40, %struct.util_est* %15, i32 %16, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %73 = inttoptr i64 %12 to %struct.util_est* %74 = bitcast [8 x %struct.iovec]* %2 to i8* %75 = bitcast %struct.iovec** %3 to i8* %76 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %2, i64 0, i64 0 store %struct.iovec* %76, %struct.iovec** %3, align 8 %77 = bitcast %struct.iov_iter* %4 to i8* %78 = icmp eq i32 %21, 0 %79 = select i1 %78, i32 0, i32 %22 %80 = call i64 @compat_import_iovec(i32 1, %struct.util_est* %73, i32 %79, i32 8, %struct.iovec** nonnull %3, %struct.iov_iter* nonnull %4) #69 ------------- Good: 12 Bad: 38 Ignored: 6 Check Use of Function:svc_add_new_perm_xprt Check Use of Function:do_kexec_load Check Use of Function:proc_tid_base_lookup Check Use of Function:out_of_line_wait_on_bit Check Use of Function:vfat_revalidate_ci Check Use of Function:freeze_bdev Check Use of Function:n_tty_close Check Use of Function:sr_get_mcn Check Use of Function:sr_drive_status Check Use of Function:autofs_dir_rmdir Check Use of Function:md_alloc Check Use of Function:mmc_ioctl_cdrom_pause_resume Check Use of Function:lookup_user_key Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __ia32_sys_add_key ------------- Path:  Function:__ia32_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_add_key(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.22153, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_add_key 1 __x64_sys_add_key ------------- Path:  Function:__x64_sys_add_key %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_add_key(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_add_key %6 = alloca [32 x i8], align 16 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 0 %11 = icmp ugt i64 %3, 1048575 br i1 %11, label %77, label %12 %13 = inttoptr i64 %0 to i8* %14 = call i64 @strncpy_from_user(i8* nonnull %10, i8* %13, i64 32) #69 %15 = trunc i64 %14 to i32 %16 = icmp slt i32 %15, 0 br i1 %16, label %23, label %17 %18 = add nsw i32 %15, -1 %19 = icmp ugt i32 %18, 30 br i1 %19, label %23, label %20 %21 = load i8, i8* %10, align 16 %22 = icmp eq i8 %21, 46 br i1 %22, label %23, label %27 %28 = getelementptr inbounds [32 x i8], [32 x i8]* %6, i64 0, i64 31 store i8 0, i8* %28, align 1 %29 = icmp eq i64 %1, 0 br i1 %29, label %41, label %30 %31 = call i8* @strndup_user(i8* nonnull %7, i64 4096) #69 %32 = icmp ugt i8* %31, inttoptr (i64 -4096 to i8*) br i1 %32, label %33, label %35 %36 = load i8, i8* %31, align 1 switch i8 %36, label %41 [ i8 0, label %37 i8 46, label %38 ] %39 = call i32 @bcmp(i8* nonnull dereferenceable(7) %10, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.2.22153, i64 0, i64 0), i64 7) #6 %40 = icmp eq i32 %39, 0 br i1 %40, label %74, label %41 %42 = phi i8* [ %31, %38 ], [ null, %37 ], [ null, %27 ], [ %31, %35 ] %43 = icmp eq i64 %3, 0 br i1 %43, label %50, label %44 %45 = call i8* @kvmalloc_node(i64 %3, i32 3264, i32 -1) #69 %46 = icmp eq i8* %45, null br i1 %46, label %74, label %47 %48 = call i64 @_copy_from_user(i8* nonnull %45, i8* %8, i64 %3) #69 %49 = icmp eq i64 %48, 0 br i1 %49, label %50, label %71 %51 = phi i8* [ %45, %47 ], [ null, %41 ] %52 = call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %9, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_keyring_ID 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %25 = tail call i64 @keyctl_get_keyring_ID(i32 %20, i32 %21) #69 Function:keyctl_get_keyring_ID %3 = icmp ne i32 %1, 0 %4 = zext i1 %3 to i64 %5 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 %4, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %30 = inttoptr i64 %12 to i8* %31 = tail call i64 @keyctl_update_key(i32 %20, i8* %30, i64 %15) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_update_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %44 = trunc i64 %1 to i32 %45 = inttoptr i64 %2 to i8* %46 = tail call i64 @keyctl_update_key(i32 %44, i8* %45, i64 %3) #69 Function:keyctl_update_key %4 = icmp ugt i64 %2, 4096 br i1 %4, label %28, label %5 %6 = icmp eq i64 %2, 0 br i1 %6, label %13, label %7 %8 = tail call i8* @kvmalloc_node(i64 %2, i32 3264, i32 -1) #69 %9 = icmp eq i8* %8, null br i1 %9, label %28, label %10 %11 = tail call i64 @_copy_from_user(i8* nonnull %8, i8* %1, i64 %2) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %25 %14 = phi i8* [ %8, %10 ], [ null, %5 ] %15 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_revoke_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %33 = tail call i64 @keyctl_revoke_key(i32 %20) #69 Function:keyctl_revoke_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %89 = tail call i64 @keyctl_invalidate_key(i32 %20) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %244 = trunc i64 %1 to i32 %245 = tail call i64 @keyctl_invalidate_key(i32 %244) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_invalidate_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %244 = trunc i64 %1 to i32 %245 = tail call i64 @keyctl_invalidate_key(i32 %244) #69 Function:keyctl_invalidate_key %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %38 = tail call i64 @keyctl_keyring_clear(i32 %20) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_clear 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %77 = trunc i64 %1 to i32 %78 = tail call i64 @keyctl_keyring_clear(i32 %77) #69 Function:keyctl_keyring_clear %2 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_link 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %40 = tail call i64 @keyctl_keyring_link(i32 %20, i32 %21) #69 Function:keyctl_keyring_link %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %42 = tail call i64 @keyctl_keyring_unlink(i32 %20, i32 %21) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_unlink 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %107 = trunc i64 %1 to i32 %108 = trunc i64 %2 to i32 %109 = tail call i64 @keyctl_keyring_unlink(i32 %107, i32 %108) #69 Function:keyctl_keyring_unlink %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %1, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %113 = tail call i64 @keyctl_keyring_move(i32 %20, i32 %21, i32 %22, i32 %23) #69 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %271 = trunc i64 %1 to i32 %272 = trunc i64 %2 to i32 %273 = trunc i64 %3 to i32 %274 = trunc i64 %4 to i32 %275 = tail call i64 @keyctl_keyring_move(i32 %271, i32 %272, i32 %273, i32 %274) #69 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_keyring_move 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %271 = trunc i64 %1 to i32 %272 = trunc i64 %2 to i32 %273 = trunc i64 %3 to i32 %274 = trunc i64 %4 to i32 %275 = tail call i64 @keyctl_keyring_move(i32 %271, i32 %272, i32 %273, i32 %274) #69 Function:keyctl_keyring_move %5 = icmp ult i32 %3, 2 br i1 %5, label %6, label %44 %7 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 1, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %35 = inttoptr i64 %12 to i8* %36 = tail call i64 @keyctl_describe_key(i32 %20, i8* %35, i64 %15) #69 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #69 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_describe_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %72 = trunc i64 %1 to i32 %73 = inttoptr i64 %2 to i8* %74 = and i64 %3, 4294967295 %75 = tail call i64 @keyctl_describe_key(i32 %72, i8* %73, i64 %74) #69 Function:keyctl_describe_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %48 = inttoptr i64 %12 to i8* %49 = tail call i64 @keyctl_read_key(i32 %20, i8* %48, i64 %15) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_read_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %117 = trunc i64 %1 to i32 %118 = inttoptr i64 %2 to i8* %119 = tail call i64 @keyctl_read_key(i32 %117, i8* %118, i64 %3) #69 Function:keyctl_read_key %4 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %51 = tail call i64 @keyctl_chown_key(i32 %20, i32 %21, i32 %22) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_chown_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %121 = trunc i64 %1 to i32 %122 = trunc i64 %2 to i32 %123 = trunc i64 %3 to i32 %124 = tail call i64 @keyctl_chown_key(i32 %121, i32 %122, i32 %123) #69 Function:keyctl_chown_key %4 = icmp eq i32 %1, -1 %5 = icmp eq i32 %2, -1 %6 = and i32 %2, %1 %7 = icmp eq i32 %6, -1 br i1 %7, label %113, label %8 %9 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_setperm_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %53 = tail call i64 @keyctl_setperm_key(i32 %20, i32 %21) #69 Function:keyctl_setperm_key %3 = and i32 %1, -1061109568 %4 = icmp eq i32 %3, 0 br i1 %4, label %5, label %27 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %71 = tail call i64 @keyctl_reject_key(i32 %20, i32 %21, i32 %22, i32 %23) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.247461* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247461** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247461**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.247461, %struct.task_struct.247461* %5, i64 0, i32 78 %7 = load %struct.cred.247169*, %struct.cred.247169** %6, align 64 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %76, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %71, label %13 %72 = trunc i32 %11 to i8 %73 = lshr i8 23, %72 %74 = and i8 %73, 1 %75 = icmp eq i8 %74, 0 br i1 %75, label %13, label %76 %14 = getelementptr inbounds %struct.cred.247169, %struct.cred.247169* %7, i64 0, i32 19 %15 = load %struct.key.247146*, %struct.key.247146** %14, align 8 %16 = icmp eq %struct.key.247146* %15, null br i1 %16, label %76, label %17 %18 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.247464** %20 = load %struct.request_key_auth.247464*, %struct.request_key_auth.247464** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.247464, %struct.request_key_auth.247464* %20, i64 0, i32 1 %22 = load %struct.key.247146*, %struct.key.247146** %21, align 8 %23 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %76 %27 = icmp eq i32 %3, 0 br i1 %27, label %58, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %219 = trunc i64 %1 to i32 %220 = trunc i64 %2 to i32 %221 = trunc i64 %3 to i32 %222 = trunc i64 %4 to i32 %223 = tail call i64 @keyctl_reject_key(i32 %219, i32 %220, i32 %221, i32 %222) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.247461* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247461** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247461**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.247461, %struct.task_struct.247461* %5, i64 0, i32 78 %7 = load %struct.cred.247169*, %struct.cred.247169** %6, align 64 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %76, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %71, label %13 %72 = trunc i32 %11 to i8 %73 = lshr i8 23, %72 %74 = and i8 %73, 1 %75 = icmp eq i8 %74, 0 br i1 %75, label %13, label %76 %14 = getelementptr inbounds %struct.cred.247169, %struct.cred.247169* %7, i64 0, i32 19 %15 = load %struct.key.247146*, %struct.key.247146** %14, align 8 %16 = icmp eq %struct.key.247146* %15, null br i1 %16, label %76, label %17 %18 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.247464** %20 = load %struct.request_key_auth.247464*, %struct.request_key_auth.247464** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.247464, %struct.request_key_auth.247464* %20, i64 0, i32 1 %22 = load %struct.key.247146*, %struct.key.247146** %21, align 8 %23 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %76 %27 = icmp eq i32 %3, 0 br i1 %27, label %58, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_reject_key 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %219 = trunc i64 %1 to i32 %220 = trunc i64 %2 to i32 %221 = trunc i64 %3 to i32 %222 = trunc i64 %4 to i32 %223 = tail call i64 @keyctl_reject_key(i32 %219, i32 %220, i32 %221, i32 %222) #69 Function:keyctl_reject_key %5 = tail call %struct.task_struct.247461* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.247461** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.247461**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.247461, %struct.task_struct.247461* %5, i64 0, i32 78 %7 = load %struct.cred.247169*, %struct.cred.247169** %6, align 64 %8 = add i32 %2, -1 %9 = icmp ugt i32 %8, 4093 br i1 %9, label %76, label %10 %11 = add i32 %2, -512 %12 = icmp ult i32 %11, 5 br i1 %12, label %71, label %13 %72 = trunc i32 %11 to i8 %73 = lshr i8 23, %72 %74 = and i8 %73, 1 %75 = icmp eq i8 %74, 0 br i1 %75, label %13, label %76 %14 = getelementptr inbounds %struct.cred.247169, %struct.cred.247169* %7, i64 0, i32 19 %15 = load %struct.key.247146*, %struct.key.247146** %14, align 8 %16 = icmp eq %struct.key.247146* %15, null br i1 %16, label %76, label %17 %18 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %15, i64 0, i32 16, i32 0, i32 0, i64 0 %19 = bitcast i8** %18 to %struct.request_key_auth.247464** %20 = load %struct.request_key_auth.247464*, %struct.request_key_auth.247464** %19, align 8 %21 = getelementptr inbounds %struct.request_key_auth.247464, %struct.request_key_auth.247464* %20, i64 0, i32 1 %22 = load %struct.key.247146*, %struct.key.247146** %21, align 8 %23 = getelementptr inbounds %struct.key.247146, %struct.key.247146* %22, i64 0, i32 1 %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, %0 br i1 %25, label %26, label %76 %27 = icmp eq i32 %3, 0 br i1 %27, label %58, label %28 %29 = icmp sgt i32 %3, 0 br i1 %29, label %30, label %37 %31 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %3, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %62 = tail call i64 @keyctl_set_timeout(i32 %20, i32 %21) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %206 = trunc i64 %1 to i32 %207 = trunc i64 %2 to i32 %208 = tail call i64 @keyctl_set_timeout(i32 %206, i32 %207) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_set_timeout 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %206 = trunc i64 %1 to i32 %207 = trunc i64 %2 to i32 %208 = tail call i64 @keyctl_set_timeout(i32 %206, i32 %207) #69 Function:keyctl_set_timeout %3 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %66 = inttoptr i64 %12 to i8* %67 = tail call i64 @keyctl_get_security(i32 %20, i8* %66, i64 %15) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %213 = trunc i64 %1 to i32 %214 = inttoptr i64 %2 to i8* %215 = tail call i64 @keyctl_get_security(i32 %213, i8* %214, i64 %3) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_get_security 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %213 = trunc i64 %1 to i32 %214 = inttoptr i64 %2 to i8* %215 = tail call i64 @keyctl_get_security(i32 %213, i8* %214, i64 %3) #69 Function:keyctl_get_security %4 = alloca i8*, align 8 %5 = bitcast i8** %4 to i8* %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 2, i32 1) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %69 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %217 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_session_to_parent 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %217 = tail call i64 @keyctl_session_to_parent() #69 Function:keyctl_session_to_parent %1 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 -3, i64 0, i32 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __ia32_compat_sys_keyctl ------------- Path:  Function:__ia32_compat_sys_keyctl %2 = alloca [8 x %struct.iovec], align 16 %3 = alloca %struct.iovec*, align 8 %4 = alloca %struct.iov_iter, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, 4294967295 %19 = trunc i64 %6 to i32 %20 = trunc i64 %8 to i32 %21 = trunc i64 %11 to i32 %22 = trunc i64 %14 to i32 %23 = trunc i64 %17 to i32 switch i32 %19, label %117 [ i32 0, label %24 i32 1, label %26 i32 2, label %29 i32 3, label %32 i32 6, label %34 i32 7, label %37 i32 8, label %39 i32 9, label %41 i32 10, label %43 i32 11, label %47 i32 4, label %50 i32 5, label %52 i32 12, label %54 i32 13, label %57 i32 14, label %59 i32 15, label %61 i32 16, label %63 i32 17, label %65 i32 18, label %68 i32 19, label %70 i32 20, label %72 i32 21, label %88 i32 31, label %114 i32 30, label %112 i32 29, label %90 i32 24, label %94 i32 25, label %100 i32 26, label %100 i32 27, label %100 i32 28, label %106 ] %91 = inttoptr i64 %12 to i8* %92 = inttoptr i64 %15 to i8* %93 = tail call i64 @keyctl_restrict_keyring(i32 %20, i8* %91, i8* %92) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %247 = trunc i64 %1 to i32 %248 = inttoptr i64 %2 to i8* %249 = inttoptr i64 %3 to i8* %250 = tail call i64 @keyctl_restrict_keyring(i32 %247, i8* %248, i8* %249) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 keyctl_restrict_keyring 1 __se_sys_keyctl 2 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %247 = trunc i64 %1 to i32 %248 = inttoptr i64 %2 to i8* %249 = inttoptr i64 %3 to i8* %250 = tail call i64 @keyctl_restrict_keyring(i32 %247, i8* %248, i8* %249) #69 Function:keyctl_restrict_keyring %4 = alloca [32 x i8], align 16 %5 = getelementptr inbounds [32 x i8], [32 x i8]* %4, i64 0, i64 0 %6 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %0, i64 0, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %13 = trunc i64 %1 to i32 %14 = trunc i64 %2 to i32 %15 = icmp ne i32 %14, 0 %16 = zext i1 %15 to i64 %17 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %13, i64 %16, i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %48 = trunc i64 %1 to i32 %49 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %48, i64 0, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %80 = trunc i64 %2 to i32 %81 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %80, i64 1, i32 4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __ia32_sys_keyctl ------------- Path:  Function:__ia32_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_keyctl(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %291 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 32) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_keyctl 1 __x64_sys_keyctl ------------- Path:  Function:__x64_sys_keyctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_keyctl(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_keyctl %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.iov_iter, align 8 %9 = alloca %struct.iovec, align 8 %10 = alloca %struct.iov_iter, align 8 %11 = trunc i64 %0 to i32 switch i32 %11, label %291 [ i32 0, label %12 i32 1, label %26 i32 2, label %43 i32 3, label %47 i32 6, label %71 i32 7, label %76 i32 8, label %79 i32 9, label %106 i32 10, label %110 i32 11, label %116 i32 4, label %120 i32 5, label %125 i32 12, label %152 i32 13, label %172 i32 14, label %177 i32 15, label %205 i32 16, label %209 i32 17, label %212 i32 18, label %216 i32 19, label %218 i32 20, label %224 i32 21, label %243 i32 31, label %276 i32 30, label %270 i32 29, label %246 i32 24, label %251 i32 25, label %258 i32 26, label %258 i32 27, label %258 i32 28, label %264 ] %126 = trunc i64 %2 to i32 %127 = and i32 %126, -1061109568 %128 = icmp eq i32 %127, 0 br i1 %128, label %129, label %291 %130 = trunc i64 %1 to i32 %131 = tail call %struct.__key_reference_with_attributes* @lookup_user_key(i32 %130, i64 3, i32 32) #69 ------------- Good: 22 Bad: 54 Ignored: 0 Check Use of Function:do_ipt_get_ctl Check Use of Function:put_css_set_locked Use: =BAD PATH= Call Stack: 0 free_cgroup_ns 1 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.88354, %struct.ns_common.88354* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.88577* %4 = icmp eq i32* %2, null br i1 %4, label %15, label %5 %6 = bitcast i32* %2 to %union.anon.21* %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32 -1, i32* nonnull %2) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace.88577* nonnull %3) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.88577, %struct.cgroup_namespace.88577* %0, i64 0, i32 4 %3 = load %struct.css_set.88576*, %struct.css_set.88576** %2, align 8 %4 = getelementptr inbounds %struct.css_set.88576, %struct.css_set.88576* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.87861*)* @put_css_set_locked to void (%struct.css_set.88576*)*)(%struct.css_set.88576* %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 put_css_set_locked 1 free_cgroup_ns 2 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.88354, %struct.ns_common.88354* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.88577* %4 = icmp eq i32* %2, null br i1 %4, label %15, label %5 %6 = bitcast i32* %2 to %union.anon.21* %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32 -1, i32* nonnull %2) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace.88577* nonnull %3) #69 Function:free_cgroup_ns %2 = getelementptr inbounds %struct.cgroup_namespace.88577, %struct.cgroup_namespace.88577* %0, i64 0, i32 4 %3 = load %struct.css_set.88576*, %struct.css_set.88576** %2, align 8 %4 = getelementptr inbounds %struct.css_set.88576, %struct.css_set.88576* %3, i64 0, i32 1 %5 = tail call zeroext i1 @refcount_dec_not_one(%union.anon.21* %4) #69 br i1 %5, label %8, label %6 %7 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @css_set_lock, i64 0, i32 0, i32 0)) #69 tail call void bitcast (void (%struct.css_set.87861*)* @put_css_set_locked to void (%struct.css_set.88576*)*)(%struct.css_set.88576* %3) #69 Function:put_css_set_locked %2 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 1 %3 = getelementptr inbounds %union.anon.21, %union.anon.21* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 10 %13 = bitcast %struct.list_head* %12 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.list_head* %16 = icmp eq %struct.list_head* %12, %15 br i1 %16, label %18, label %17, !prof !5, !misexpect !6 br label %19 %20 = phi i64 [ %52, %51 ], [ 0, %18 ] %21 = getelementptr %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 9, i64 %20, i32 1 %22 = load %struct.list_head*, %struct.list_head** %21, align 8 %23 = getelementptr %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 9, i64 %20, i32 0 %24 = load %struct.list_head*, %struct.list_head** %23, align 8 %25 = getelementptr inbounds %struct.list_head, %struct.list_head* %24, i64 0, i32 1 store %struct.list_head* %22, %struct.list_head** %25, align 8 %26 = ptrtoint %struct.list_head* %24 to i64 %27 = bitcast %struct.list_head* %22 to i64* store volatile i64 %26, i64* %27, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %23, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %21, align 8 %28 = getelementptr %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 0, i64 %20 %29 = load %struct.cgroup_subsys_state.87860*, %struct.cgroup_subsys_state.87860** %28, align 8 %30 = getelementptr inbounds %struct.cgroup_subsys_state.87860, %struct.cgroup_subsys_state.87860* %29, i64 0, i32 7 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 1 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %51 %52 = add nuw nsw i64 %20, 1 %53 = icmp eq i64 %52, 4 br i1 %53, label %54, label %19 %55 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 12 %56 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 12, i32 1 %57 = load %struct.hlist_node**, %struct.hlist_node*** %56, align 8 %58 = icmp eq %struct.hlist_node** %57, null br i1 %58, label %69, label %59 %70 = load i32, i32* @css_set_count, align 4 %71 = add i32 %70, -1 store i32 %71, i32* @css_set_count, align 4 %72 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 13 %73 = bitcast %struct.list_head* %72 to i8** %74 = load i8*, i8** %73, align 8 %75 = bitcast i8* %74 to %struct.list_head* %76 = icmp eq %struct.list_head* %72, %75 br i1 %76, label %130, label %77 %78 = phi i8* [ %81, %127 ], [ %74, %69 ] %79 = getelementptr i8, i8* %78, i64 -32 %80 = bitcast i8* %78 to i8** %81 = load i8*, i8** %80, align 8 %82 = getelementptr i8, i8* %78, i64 -16 %83 = getelementptr i8, i8* %78, i64 -8 %84 = bitcast i8* %83 to %struct.list_head** %85 = load %struct.list_head*, %struct.list_head** %84, align 8 %86 = bitcast i8* %82 to %struct.list_head** %87 = load %struct.list_head*, %struct.list_head** %86, align 8 %88 = getelementptr inbounds %struct.list_head, %struct.list_head* %87, i64 0, i32 1 store %struct.list_head* %85, %struct.list_head** %88, align 8 %89 = ptrtoint %struct.list_head* %87 to i64 %90 = bitcast %struct.list_head* %85 to i64* store volatile i64 %89, i64* %90, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %86, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %84, align 8 %91 = getelementptr inbounds i8, i8* %78, i64 8 %92 = bitcast i8* %91 to %struct.list_head** %93 = load %struct.list_head*, %struct.list_head** %92, align 8 %94 = bitcast i8* %78 to %struct.list_head** %95 = load %struct.list_head*, %struct.list_head** %94, align 8 %96 = getelementptr inbounds %struct.list_head, %struct.list_head* %95, i64 0, i32 1 store %struct.list_head* %93, %struct.list_head** %96, align 8 %97 = ptrtoint %struct.list_head* %95 to i64 %98 = bitcast %struct.list_head* %93 to i64* store volatile i64 %97, i64* %98, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %94, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %92, align 8 %99 = bitcast i8* %79 to %struct.cgroup.87854** %100 = load %struct.cgroup.87854*, %struct.cgroup.87854** %99, align 8 %101 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %100, i64 0, i32 0, i32 12 %102 = bitcast %struct.cgroup_subsys_state.87860** %101 to %struct.cgroup.87854** %103 = load %struct.cgroup.87854*, %struct.cgroup.87854** %102, align 8 %104 = icmp eq %struct.cgroup.87854* %103, null br i1 %104, label %127, label %105 %106 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %100, i64 0, i32 0, i32 7 %107 = load i32, i32* %106, align 4 %108 = and i32 %107, 1 %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %127 %111 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %100, i64 0, i32 0, i32 2 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %112 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %100, i64 0, i32 0, i32 2, i32 1 %113 = load volatile i64, i64* %112, align 8 %114 = and i64 %113, 3 %115 = icmp eq i64 %114, 0 br i1 %115, label %116, label %118, !prof !5, !misexpect !6 %119 = getelementptr inbounds %struct.percpu_ref, %struct.percpu_ref* %111, i64 0, i32 0, i32 0 %120 = tail call i8 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; subq $2, $0\0A\09/* output condition code e*/\0A", "=*m,={@cce},er,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %119, i64 1, i64* %119) #6, !srcloc !12 %121 = and i8 %120, 1 %122 = icmp eq i8 %121, 0 br i1 %122, label %126, label %123, !prof !5, !misexpect !6 %124 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %100, i64 0, i32 0, i32 2, i32 2 %125 = load void (%struct.percpu_ref*)*, void (%struct.percpu_ref*)** %124, align 8 tail call void %125(%struct.percpu_ref* %111) #69 br label %126 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 br label %127 tail call void @kfree(i8* %79) #69 %128 = bitcast i8* %81 to %struct.list_head* %129 = icmp eq %struct.list_head* %72, %128 br i1 %129, label %130, label %77 %131 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 2 %132 = load %struct.css_set.87861*, %struct.css_set.87861** %131, align 8 %133 = icmp eq %struct.css_set.87861* %132, %0 br i1 %133, label %143, label %134 %135 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 11, i32 1 %136 = load %struct.list_head*, %struct.list_head** %135, align 8 %137 = getelementptr inbounds %struct.css_set.87861, %struct.css_set.87861* %0, i64 0, i32 11, i32 0 %138 = load %struct.list_head*, %struct.list_head** %137, align 8 %139 = getelementptr inbounds %struct.list_head, %struct.list_head* %138, i64 0, i32 1 store %struct.list_head* %136, %struct.list_head** %139, align 8 %140 = ptrtoint %struct.list_head* %138 to i64 %141 = bitcast %struct.list_head* %136 to i64* store volatile i64 %140, i64* %141, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %137, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %135, align 8 %142 = load %struct.css_set.87861*, %struct.css_set.87861** %131, align 8 tail call void @put_css_set_locked(%struct.css_set.87861* %142) #70 ------------- Good: 164 Bad: 2 Ignored: 268 Check Use of Function:commit_creds Check Use of Function:inode_owner_or_capable Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %48 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %48 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %103 = bitcast %struct.ext4_iloc.179702* %16 to i8* %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %103 = bitcast %struct.ext4_iloc.179702* %16 to i8* %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %299 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %299 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %310 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %310 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %775 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %775 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %915 = bitcast %struct.fsxattr* %22 to i8* %916 = bitcast %struct.fsxattr* %23 to i8* %917 = inttoptr i64 %2 to i8* %918 = call i64 @_copy_from_user(i8* nonnull %915, i8* %917, i64 28) #70 %919 = icmp eq i64 %918, 0 br i1 %919, label %920, label %1155 %921 = call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %915 = bitcast %struct.fsxattr* %22 to i8* %916 = bitcast %struct.fsxattr* %23 to i8* %917 = inttoptr i64 %2 to i8* %918 = call i64 @_copy_from_user(i8* nonnull %915, i8* %917, i64 28) #70 %919 = icmp eq i64 %918, 0 br i1 %919, label %920, label %1155 %921 = call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.179564*)*)(%struct.inode.179564* %25) #70 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %8 = icmp eq i8* %4, null br i1 %8, label %15, label %9 %16 = phi %struct.posix_acl* [ %10, %9 ], [ null, %7 ] %17 = getelementptr inbounds %struct.xattr_handler.155273, %struct.xattr_handler.155273* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = tail call i32 @set_posix_acl(%struct.inode.155268* %2, i32 %18, %struct.posix_acl* %16) #69 Function:set_posix_acl %4 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 8 %5 = load %struct.super_block.155263*, %struct.super_block.155263** %4, align 8 %6 = getelementptr inbounds %struct.super_block.155263, %struct.super_block.155263* %5, i64 0, i32 10 %7 = load i64, i64* %6, align 16 %8 = and i64 %7, 65536 %9 = icmp eq i64 %8, 0 br i1 %9, label %85, label %10 %11 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 7 %12 = load %struct.inode_operations.155223*, %struct.inode_operations.155223** %11, align 8 %13 = getelementptr inbounds %struct.inode_operations.155223, %struct.inode_operations.155223* %12, i64 0, i32 20 %14 = load i32 (%struct.inode.155268*, %struct.posix_acl*, i32)*, i32 (%struct.inode.155268*, %struct.posix_acl*, i32)** %13, align 32 %15 = icmp eq i32 (%struct.inode.155268*, %struct.posix_acl*, i32)* %14, null br i1 %15, label %85, label %16 %17 = icmp eq i32 %1, 16384 br i1 %17, label %18, label %26 %19 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 0 %20 = load i16, i16* %19, align 8 %21 = and i16 %20, -4096 %22 = icmp eq i16 %21, 16384 br i1 %22, label %26, label %23 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.155268*)*)(%struct.inode.155268* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 set_posix_acl 1 posix_acl_xattr_set ------------- Path:  Function:posix_acl_xattr_set %8 = icmp eq i8* %4, null br i1 %8, label %15, label %9 %16 = phi %struct.posix_acl* [ %10, %9 ], [ null, %7 ] %17 = getelementptr inbounds %struct.xattr_handler.155273, %struct.xattr_handler.155273* %0, i64 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = tail call i32 @set_posix_acl(%struct.inode.155268* %2, i32 %18, %struct.posix_acl* %16) #69 Function:set_posix_acl %4 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 8 %5 = load %struct.super_block.155263*, %struct.super_block.155263** %4, align 8 %6 = getelementptr inbounds %struct.super_block.155263, %struct.super_block.155263* %5, i64 0, i32 10 %7 = load i64, i64* %6, align 16 %8 = and i64 %7, 65536 %9 = icmp eq i64 %8, 0 br i1 %9, label %85, label %10 %11 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 7 %12 = load %struct.inode_operations.155223*, %struct.inode_operations.155223** %11, align 8 %13 = getelementptr inbounds %struct.inode_operations.155223, %struct.inode_operations.155223* %12, i64 0, i32 20 %14 = load i32 (%struct.inode.155268*, %struct.posix_acl*, i32)*, i32 (%struct.inode.155268*, %struct.posix_acl*, i32)** %13, align 32 %15 = icmp eq i32 (%struct.inode.155268*, %struct.posix_acl*, i32)* %14, null br i1 %15, label %85, label %16 %17 = icmp eq i32 %1, 16384 br i1 %17, label %18, label %26 %19 = getelementptr inbounds %struct.inode.155268, %struct.inode.155268* %0, i64 0, i32 0 %20 = load i16, i16* %19, align 8 %21 = and i16 %20, -4096 %22 = icmp eq i16 %21, 16384 br i1 %22, label %26, label %23 %27 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.155268*)*)(%struct.inode.155268* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 9 %4 = load %struct.super_block.190633*, %struct.super_block.190633** %3, align 8 %5 = getelementptr inbounds %struct.super_block.190633, %struct.super_block.190633* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.msdos_sb_info.190697** %7 = load %struct.msdos_sb_info.190697*, %struct.msdos_sb_info.190697** %6, align 32 %8 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 5 %9 = load %struct.inode.190651*, %struct.inode.190651** %8, align 8 %10 = getelementptr inbounds %struct.iattr.190299, %struct.iattr.190299* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.190697, %struct.msdos_sb_info.190697* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.190621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.190621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.190621**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.190621, %struct.task_struct.190621* %17, i64 0, i32 78 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.190655*, %struct.iattr.190299*)*)(%struct.dentry.190655* %0, %struct.iattr.190299* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 9 %4 = load %struct.super_block.190633*, %struct.super_block.190633** %3, align 8 %5 = getelementptr inbounds %struct.super_block.190633, %struct.super_block.190633* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.msdos_sb_info.190697** %7 = load %struct.msdos_sb_info.190697*, %struct.msdos_sb_info.190697** %6, align 32 %8 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 5 %9 = load %struct.inode.190651*, %struct.inode.190651** %8, align 8 %10 = getelementptr inbounds %struct.iattr.190299, %struct.iattr.190299* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.190697, %struct.msdos_sb_info.190697* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.190621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.190621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.190621**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.190621, %struct.task_struct.190621* %17, i64 0, i32 78 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.190655*, %struct.iattr.190299*)*)(%struct.dentry.190655* %0, %struct.iattr.190299* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %3 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.251145*, %struct.iattr.251147*)*)(%struct.dentry.251145* %0, %struct.iattr.251147* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.134289*, i32)* @inode_permission to i32 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %247 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 %59 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 0 br i1 %58, label %60, label %62 %63 = load i64, i64* %59, align 8 %64 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 1 %65 = load i64, i64* %64, align 8 %66 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %63, i64 %65, %struct.inode.137152* %5) #69 %67 = extractvalue { i64, i64 } %66, 0 %68 = extractvalue { i64, i64 } %66, 1 store i64 %67, i64* %59, align 8 store i64 %68, i64* %64, align 8 br label %69 %70 = and i32 %9, 256 %71 = icmp eq i32 %70, 0 %72 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 0 br i1 %71, label %73, label %75 %76 = load i64, i64* %72, align 8 %77 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 1 %78 = load i64, i64* %77, align 8 %79 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %76, i64 %78, %struct.inode.137152* %5) #69 %80 = extractvalue { i64, i64 } %79, 0 %81 = extractvalue { i64, i64 } %79, 1 store i64 %80, i64* %72, align 8 store i64 %81, i64* %77, align 8 br label %82 %83 = and i32 %9, 16384 %84 = icmp eq i32 %83, 0 br i1 %84, label %94, label %85 %95 = phi i32 [ %36, %82 ], [ %36, %88 ], [ %93, %90 ] %96 = phi i32 [ %9, %82 ], [ %9, %88 ], [ %92, %90 ] %97 = and i32 %96, 6144 %98 = icmp eq i32 %97, 0 %99 = icmp eq i32 %95, 0 %100 = or i1 %98, %99 br i1 %100, label %102, label %101 %103 = and i32 %96, 2048 %104 = icmp eq i32 %103, 0 %105 = and i16 %7, 2048 %106 = icmp eq i16 %105, 0 %107 = or i1 %106, %104 br i1 %107, label %114, label %108 %115 = phi i32 [ %110, %108 ], [ %96, %102 ] %116 = and i32 %115, 4096 %117 = icmp ne i32 %116, 0 %118 = and i16 %7, 1032 %119 = icmp eq i16 %118, 1032 %120 = and i1 %119, %117 br i1 %120, label %121, label %137 %138 = phi i32 [ %134, %132 ], [ %115, %114 ] %139 = load i32, i32* %8, align 8 %140 = and i32 %139, -6145 %141 = icmp eq i32 %140, 0 br i1 %141, label %247, label %142 %143 = and i32 %138, 2 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %146 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %147 = load i32, i32* %146, align 8 %148 = icmp eq i32 %147, -1 br i1 %148, label %247, label %149 %150 = and i32 %138, 4 %151 = icmp eq i32 %150, 0 br i1 %151, label %156, label %152 %153 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %154, -1 br i1 %155, label %247, label %156 br i1 %144, label %157, label %161 %158 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 2, i32 0 %159 = load i32, i32* %158, align 4 %160 = icmp eq i32 %159, -1 br i1 %160, label %247, label %161 br i1 %151, label %162, label %166 %163 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 3, i32 0 %164 = load i32, i32* %163, align 8 %165 = icmp eq i32 %164, -1 br i1 %165, label %247, label %166 %167 = tail call i32 bitcast (i32 (%struct.dentry.112781*, %struct.iattr.112338*)* @security_inode_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %247 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 40 %171 = load %struct.file_lock_context*, %struct.file_lock_context** %170, align 8 %172 = icmp eq %struct.file_lock_context* %171, null br i1 %172, label %190, label %173 %191 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 7 %192 = load %struct.inode_operations.137148*, %struct.inode_operations.137148** %191, align 8 %193 = getelementptr inbounds %struct.inode_operations.137148, %struct.inode_operations.137148* %192, i64 0, i32 13 %194 = bitcast {}** %193 to i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %195 = load i32 (%struct.dentry.137143*, %struct.iattr.137257*)*, i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %194, align 8 %196 = icmp eq i32 (%struct.dentry.137143*, %struct.iattr.137257*)* %195, null br i1 %196, label %199, label %197 %200 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 9 %4 = load %struct.super_block.190633*, %struct.super_block.190633** %3, align 8 %5 = getelementptr inbounds %struct.super_block.190633, %struct.super_block.190633* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.msdos_sb_info.190697** %7 = load %struct.msdos_sb_info.190697*, %struct.msdos_sb_info.190697** %6, align 32 %8 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 5 %9 = load %struct.inode.190651*, %struct.inode.190651** %8, align 8 %10 = getelementptr inbounds %struct.iattr.190299, %struct.iattr.190299* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.190697, %struct.msdos_sb_info.190697* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.190621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.190621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.190621**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.190621, %struct.task_struct.190621* %17, i64 0, i32 78 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.190655*, %struct.iattr.190299*)*)(%struct.dentry.190655* %0, %struct.iattr.190299* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 fat_setattr ------------- Path:  Function:fat_setattr %3 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 9 %4 = load %struct.super_block.190633*, %struct.super_block.190633** %3, align 8 %5 = getelementptr inbounds %struct.super_block.190633, %struct.super_block.190633* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.msdos_sb_info.190697** %7 = load %struct.msdos_sb_info.190697*, %struct.msdos_sb_info.190697** %6, align 32 %8 = getelementptr inbounds %struct.dentry.190655, %struct.dentry.190655* %0, i64 0, i32 5 %9 = load %struct.inode.190651*, %struct.inode.190651** %8, align 8 %10 = getelementptr inbounds %struct.iattr.190299, %struct.iattr.190299* %1, i64 0, i32 0 %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65920 %13 = icmp eq i32 %12, 0 br i1 %13, label %37, label %14 %15 = getelementptr inbounds %struct.msdos_sb_info.190697, %struct.msdos_sb_info.190697* %7, i64 0, i32 19, i32 11 %16 = load i16, i16* %15, align 2 %17 = tail call %struct.task_struct.190621* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.190621** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.190621**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.190621, %struct.task_struct.190621* %17, i64 0, i32 78 %19 = load %struct.cred*, %struct.cred** %18, align 64 %20 = getelementptr inbounds %struct.cred, %struct.cred* %19, i64 0, i32 7, i32 0 %21 = load i32, i32* %20, align 4 %22 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 2, i32 0 %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %21, %23 br i1 %24, label %37, label %25 %26 = getelementptr inbounds %struct.inode.190651, %struct.inode.190651* %9, i64 0, i32 3, i32 0 %27 = load i32, i32* %26, align 8 %28 = tail call i32 @in_group_p(i32 %27) #69 %29 = icmp eq i32 %28, 0 %30 = lshr i16 %16, 3 %31 = select i1 %29, i16 %16, i16 %30 %32 = and i16 %31, 2 %33 = icmp eq i16 %32, 0 br i1 %33, label %37, label %34 %38 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.190655*, %struct.iattr.190299*)*)(%struct.dentry.190655* %0, %struct.iattr.190299* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 hugetlbfs_setattr ------------- Path:  Function:hugetlbfs_setattr %3 = getelementptr inbounds %struct.dentry.189447, %struct.dentry.189447* %0, i64 0, i32 5 %4 = load %struct.inode.189443*, %struct.inode.189443** %3, align 8 %5 = getelementptr inbounds %struct.inode.189443, %struct.inode.189443* %4, i64 0, i32 8 %6 = load %struct.super_block.189425*, %struct.super_block.189425** %5, align 8 %7 = getelementptr inbounds %struct.super_block.189425, %struct.super_block.189425* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.hugetlbfs_sb_info** %9 = load %struct.hugetlbfs_sb_info*, %struct.hugetlbfs_sb_info** %8, align 32 %10 = getelementptr inbounds %struct.hugetlbfs_sb_info, %struct.hugetlbfs_sb_info* %9, i64 0, i32 3 %11 = load %struct.hstate*, %struct.hstate** %10, align 8 %12 = getelementptr inbounds %struct.iattr.189069, %struct.iattr.189069* %1, i64 0, i32 0 %13 = load i32, i32* %12, align 8 %14 = getelementptr %struct.inode.189443, %struct.inode.189443* %4, i64 -1, i32 46 %15 = icmp eq %struct.inode.189443* %4, null br i1 %15, label %16, label %17, !prof !4, !misexpect !5 %18 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.189447*, %struct.iattr.189069*)*)(%struct.dentry.189447* %0, %struct.iattr.189069* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_sys_setattr ------------- Path:  Function:proc_sys_setattr %3 = getelementptr inbounds %struct.dentry, %struct.dentry* %0, i64 0, i32 5 %4 = load %struct.inode*, %struct.inode** %3, align 8 %5 = getelementptr inbounds %struct.iattr, %struct.iattr* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 7 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry*, %struct.iattr*)*)(%struct.dentry* %0, %struct.iattr* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_notify_change ------------- Path:  Function:proc_notify_change %3 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %0, i64 0, i32 5 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.163001*, %struct.iattr.162987*)*)(%struct.dentry.163001* %0, %struct.iattr.162987* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 proc_setattr ------------- Path:  Function:proc_setattr %3 = getelementptr inbounds %struct.dentry.162705, %struct.dentry.162705* %0, i64 0, i32 5 %4 = load %struct.inode.162701*, %struct.inode.162701** %3, align 8 %5 = getelementptr inbounds %struct.iattr.162706, %struct.iattr.162706* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %9, label %13 %10 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.162705*, %struct.iattr.162706*)*)(%struct.dentry.162705* %0, %struct.iattr.162706* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 ext4_setattr ------------- Path:  Function:ext4_setattr %3 = getelementptr inbounds %struct.dentry.179219, %struct.dentry.179219* %0, i64 0, i32 5 %4 = load %struct.inode.179231*, %struct.inode.179231** %3, align 8 %5 = getelementptr inbounds %struct.iattr.179221, %struct.iattr.179221* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 8 %8 = load %struct.super_block.179216*, %struct.super_block.179216** %7, align 8 %9 = getelementptr inbounds %struct.super_block.179216, %struct.super_block.179216* %8, i64 0, i32 28 %10 = bitcast i8** %9 to %struct.ext4_sb_info.179277** %11 = load %struct.ext4_sb_info.179277*, %struct.ext4_sb_info.179277** %10, align 32 %12 = getelementptr inbounds %struct.ext4_sb_info.179277, %struct.ext4_sb_info.179277* %11, i64 0, i32 49 %13 = load volatile i64, i64* %12, align 8 %14 = and i64 %13, 2 %15 = icmp eq i64 %14, 0 br i1 %15, label %16, label %402, !prof !4, !misexpect !5 %17 = getelementptr inbounds %struct.inode.179231, %struct.inode.179231* %4, i64 0, i32 4 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 8 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %402, !prof !4, !misexpect !5 %22 = and i32 %18, 4 %23 = icmp ne i32 %22, 0 %24 = and i32 %6, 65543 %25 = icmp ne i32 %24, 0 %26 = and i1 %25, %23 br i1 %26, label %402, label %27, !prof !6, !misexpect !5 %28 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.179219*, %struct.iattr.179221*)*)(%struct.dentry.179219* %0, %struct.iattr.179221* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr ------------- Path:  Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 sockfs_setattr ------------- Path:  Function:sockfs_setattr %3 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.251145*, %struct.iattr.251147*)*)(%struct.dentry.251145* %0, %struct.iattr.251147* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 %4 = icmp eq i32 %3, 0 br i1 %4, label %10, label %5 %6 = getelementptr inbounds %struct.iattr.96351, %struct.iattr.96351* %1, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 7 %9 = icmp eq i32 %8, 0 br i1 %9, label %10, label %12 %11 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.96769*, %struct.iattr.96351*)*)(%struct.dentry.96769* %0, %struct.iattr.96351* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 simple_setattr 2 notify_change 3 file_remove_privs 4 __generic_file_write_iter 5 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.134289*, i32)* @inode_permission to i32 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %247 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 %59 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 0 br i1 %58, label %60, label %62 %63 = load i64, i64* %59, align 8 %64 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 1 %65 = load i64, i64* %64, align 8 %66 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %63, i64 %65, %struct.inode.137152* %5) #69 %67 = extractvalue { i64, i64 } %66, 0 %68 = extractvalue { i64, i64 } %66, 1 store i64 %67, i64* %59, align 8 store i64 %68, i64* %64, align 8 br label %69 %70 = and i32 %9, 256 %71 = icmp eq i32 %70, 0 %72 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 0 br i1 %71, label %73, label %75 %76 = load i64, i64* %72, align 8 %77 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 1 %78 = load i64, i64* %77, align 8 %79 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %76, i64 %78, %struct.inode.137152* %5) #69 %80 = extractvalue { i64, i64 } %79, 0 %81 = extractvalue { i64, i64 } %79, 1 store i64 %80, i64* %72, align 8 store i64 %81, i64* %77, align 8 br label %82 %83 = and i32 %9, 16384 %84 = icmp eq i32 %83, 0 br i1 %84, label %94, label %85 %95 = phi i32 [ %36, %82 ], [ %36, %88 ], [ %93, %90 ] %96 = phi i32 [ %9, %82 ], [ %9, %88 ], [ %92, %90 ] %97 = and i32 %96, 6144 %98 = icmp eq i32 %97, 0 %99 = icmp eq i32 %95, 0 %100 = or i1 %98, %99 br i1 %100, label %102, label %101 %103 = and i32 %96, 2048 %104 = icmp eq i32 %103, 0 %105 = and i16 %7, 2048 %106 = icmp eq i16 %105, 0 %107 = or i1 %106, %104 br i1 %107, label %114, label %108 %115 = phi i32 [ %110, %108 ], [ %96, %102 ] %116 = and i32 %115, 4096 %117 = icmp ne i32 %116, 0 %118 = and i16 %7, 1032 %119 = icmp eq i16 %118, 1032 %120 = and i1 %119, %117 br i1 %120, label %121, label %137 %138 = phi i32 [ %134, %132 ], [ %115, %114 ] %139 = load i32, i32* %8, align 8 %140 = and i32 %139, -6145 %141 = icmp eq i32 %140, 0 br i1 %141, label %247, label %142 %143 = and i32 %138, 2 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %146 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %147 = load i32, i32* %146, align 8 %148 = icmp eq i32 %147, -1 br i1 %148, label %247, label %149 %150 = and i32 %138, 4 %151 = icmp eq i32 %150, 0 br i1 %151, label %156, label %152 %153 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %154, -1 br i1 %155, label %247, label %156 br i1 %144, label %157, label %161 %158 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 2, i32 0 %159 = load i32, i32* %158, align 4 %160 = icmp eq i32 %159, -1 br i1 %160, label %247, label %161 br i1 %151, label %162, label %166 %163 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 3, i32 0 %164 = load i32, i32* %163, align 8 %165 = icmp eq i32 %164, -1 br i1 %165, label %247, label %166 %167 = tail call i32 bitcast (i32 (%struct.dentry.112781*, %struct.iattr.112338*)* @security_inode_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %247 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 40 %171 = load %struct.file_lock_context*, %struct.file_lock_context** %170, align 8 %172 = icmp eq %struct.file_lock_context* %171, null br i1 %172, label %190, label %173 %191 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 7 %192 = load %struct.inode_operations.137148*, %struct.inode_operations.137148** %191, align 8 %193 = getelementptr inbounds %struct.inode_operations.137148, %struct.inode_operations.137148* %192, i64 0, i32 13 %194 = bitcast {}** %193 to i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %195 = load i32 (%struct.dentry.137143*, %struct.iattr.137257*)*, i32 (%struct.dentry.137143*, %struct.iattr.137257*)** %194, align 8 %196 = icmp eq i32 (%struct.dentry.137143*, %struct.iattr.137257*)* %195, null br i1 %196, label %199, label %197 %200 = tail call i32 bitcast (i32 (%struct.dentry.139777*, %struct.iattr.139765*)* @simple_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 Function:simple_setattr %3 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %4 = load %struct.inode.139773*, %struct.inode.139773** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.139777*, %struct.iattr.139765*)*)(%struct.dentry.139777* %0, %struct.iattr.139765* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 setattr_prepare 1 shmem_setattr ------------- Path:  Function:shmem_setattr %3 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = tail call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*)* @setattr_prepare to i32 (%struct.dentry.112781*, %struct.iattr.112338*)*)(%struct.dentry.112781* %0, %struct.iattr.112338* %1) #69 Function:setattr_prepare %3 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %4 = load %struct.inode.137152*, %struct.inode.137152** %3, align 8 %5 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %37, label %9 %10 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 4 %11 = load i64, i64* %10, align 8 %12 = icmp slt i64 %11, 0 br i1 %12, label %130, label %13 %14 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = icmp slt i64 %15, %11 br i1 %16, label %17, label %30 %31 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 4 %32 = load i32, i32* %31, align 4 %33 = and i32 %32, 256 %34 = icmp eq i32 %33, 0 br i1 %34, label %37, label %130 %38 = and i32 %6, 512 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %123 %41 = and i32 %6, 2 %42 = icmp eq i32 %41, 0 br i1 %42, label %67, label %43 %44 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %45 = load i32, i32* %44, align 8 %46 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %47 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %46, i64 0, i32 78 %48 = load %struct.cred*, %struct.cred** %47, align 64 %49 = getelementptr inbounds %struct.cred, %struct.cred* %48, i64 0, i32 7, i32 0 %50 = load i32, i32* %49, align 4 %51 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %52 = load i32, i32* %51, align 4 %53 = icmp eq i32 %50, %52 %54 = icmp eq i32 %52, %45 %55 = and i1 %53, %54 br i1 %55, label %67, label %56 %68 = and i32 %6, 4 %69 = icmp eq i32 %68, 0 br i1 %69, label %100, label %70 %71 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %72 = load i32, i32* %71, align 4 %73 = tail call %struct.task_struct.137256* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.137256** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.137256**)) #10, !srcloc !4 %74 = getelementptr inbounds %struct.task_struct.137256, %struct.task_struct.137256* %73, i64 0, i32 78 %75 = load %struct.cred*, %struct.cred** %74, align 64 %76 = getelementptr inbounds %struct.cred, %struct.cred* %75, i64 0, i32 7, i32 0 %77 = load i32, i32* %76, align 4 %78 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 2, i32 0 %79 = load i32, i32* %78, align 4 %80 = icmp eq i32 %77, %79 br i1 %80, label %81, label %88 %82 = tail call i32 @in_group_p(i32 %72) #69 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %100 %85 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %86 = load i32, i32* %85, align 8 %87 = icmp eq i32 %86, %72 br i1 %87, label %100, label %88 %89 = tail call zeroext i1 bitcast (i1 (%struct.inode.43174*, i32)* @capable_wrt_inode_uidgid to i1 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %4, i32 0) #69 br i1 %89, label %100, label %90 %91 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %92 = load i32, i32* %91, align 8 %93 = icmp eq i32 %92, -1 br i1 %93, label %94, label %130 %95 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 8 %96 = load %struct.super_block.137140*, %struct.super_block.137140** %95, align 8 %97 = getelementptr inbounds %struct.super_block.137140, %struct.super_block.137140* %96, i64 0, i32 48 %98 = load %struct.user_namespace*, %struct.user_namespace** %97, align 32 %99 = tail call zeroext i1 @ns_capable(%struct.user_namespace* %98, i32 0) #69 br i1 %99, label %100, label %130 %101 = and i32 %6, 1 %102 = icmp eq i32 %101, 0 br i1 %102, label %118, label %103 %104 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 br i1 %104, label %105, label %130 %106 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %107 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %4, i64 0, i32 3, i32 0 %108 = select i1 %69, i32* %107, i32* %106 %109 = load i32, i32* %108, align 4 %110 = tail call i32 @in_group_p(i32 %109) #69 %111 = icmp eq i32 %110, 0 br i1 %111, label %112, label %118 %119 = and i32 %6, 65920 %120 = icmp eq i32 %119, 0 br i1 %120, label %123, label %121 %122 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __ia32_sys_madvise ------------- Path:  Function:__ia32_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_madvise(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %216 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 6 %217 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %216, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %218 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %219 = load i64, i64* %218, align 8 %220 = and i64 %219, 4203520 %221 = icmp eq i64 %220, 0 br i1 %221, label %222, label %243 %223 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 12 %224 = load %struct.vm_operations_struct.125299*, %struct.vm_operations_struct.125299** %223, align 8 %225 = icmp eq %struct.vm_operations_struct.125299* %224, null br i1 %225, label %240, label %226 %227 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %228 = load %struct.file.125060*, %struct.file.125060** %227, align 8 %229 = icmp eq %struct.file.125060* %228, null br i1 %229, label %243, label %230 %231 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %228, i64 0, i32 2 %232 = load %struct.inode.125284*, %struct.inode.125284** %231, align 8 %233 = call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.125284*)*)(%struct.inode.125284* %232) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_madvise 1 __x64_sys_madvise ------------- Path:  Function:__x64_sys_madvise %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_madvise(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_madvise %4 = alloca %struct.mmu_notifier_range.125415, align 8 %5 = alloca %struct.mmu_gather.125414, align 8 %6 = alloca %struct.madvise_walk_private, align 8 %7 = alloca %struct.mmu_gather.125414, align 8 %8 = alloca %struct.madvise_walk_private, align 8 %9 = alloca %struct.mmu_gather.125414, align 8 %10 = alloca %struct.vm_area_struct.125300*, align 8 %11 = alloca %struct.blk_plug, align 8 %12 = trunc i64 %2 to i32 %13 = bitcast %struct.vm_area_struct.125300** %10 to i8* %14 = bitcast %struct.blk_plug* %11 to i8* switch i32 %12, label %443 [ i32 11, label %15 i32 10, label %15 i32 0, label %15 i32 2, label %15 i32 1, label %15 i32 9, label %15 i32 3, label %15 i32 4, label %15 i32 8, label %15 i32 20, label %15 i32 21, label %15 i32 16, label %15 i32 17, label %15 i32 18, label %15 i32 19, label %15 ] %16 = and i64 %0, 4095 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %443 %19 = add i64 %1, 4095 %20 = and i64 %19, -4096 %21 = icmp eq i64 %1, 0 %22 = icmp ne i64 %20, 0 %23 = or i1 %21, %22 br i1 %23, label %24, label %443 %25 = add i64 %20, %0 %26 = icmp ult i64 %25, %0 br i1 %26, label %443, label %27 %28 = icmp eq i64 %20, 0 br i1 %28, label %443, label %29 %30 = add i32 %12, -3 %31 = icmp ult i32 %30, 19 %32 = trunc i32 %30 to i19 %33 = lshr i19 -130973, %32 %34 = and i19 %33, 1 %35 = icmp ne i19 %34, 0 %36 = and i1 %31, %35 %37 = tail call %struct.task_struct.125410* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.125410** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.125410**)) #10, !srcloc !4 %38 = getelementptr inbounds %struct.task_struct.125410, %struct.task_struct.125410* %37, i64 0, i32 33 %39 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %40 = getelementptr inbounds %struct.mm_struct.125313, %struct.mm_struct.125313* %39, i64 0, i32 0, i32 17 br i1 %36, label %44, label %41 tail call void @down_read(%struct.rw_semaphore* %40) #69 br label %45 %46 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %38, align 8 %47 = call %struct.vm_area_struct.125300* bitcast (%struct.vm_area_struct.112802* (%struct.mm_struct.112799*, i64, %struct.vm_area_struct.112802**)* @find_vma_prev to %struct.vm_area_struct.125300* (%struct.mm_struct.125313*, i64, %struct.vm_area_struct.125300**)*)(%struct.mm_struct.125313* %46, i64 %0, %struct.vm_area_struct.125300** nonnull %10) #69 %48 = icmp eq %struct.vm_area_struct.125300* %47, null br i1 %48, label %54, label %49 %50 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %47, i64 0, i32 0 %51 = load i64, i64* %50, align 8 %52 = icmp ult i64 %51, %0 br i1 %52, label %53, label %55 store %struct.vm_area_struct.125300* %47, %struct.vm_area_struct.125300** %10, align 8 br label %55 call void @blk_start_plug(%struct.blk_plug* nonnull %11) #69 %56 = bitcast %struct.mmu_notifier_range.125415* %4 to i8* %57 = bitcast %struct.mmu_gather.125414* %5 to i8* %58 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 2 %59 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 3 %60 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 0 %61 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 5 %62 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 1 %63 = getelementptr inbounds %struct.mmu_notifier_range.125415, %struct.mmu_notifier_range.125415* %4, i64 0, i32 4 %64 = bitcast %struct.mmu_gather.125414* %7 to i8* %65 = bitcast %struct.madvise_walk_private* %6 to i8* %66 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 0 %67 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %6, i64 0, i32 1 %68 = bitcast %struct.mmu_gather.125414* %9 to i8* %69 = bitcast %struct.madvise_walk_private* %8 to i8* %70 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 0 %71 = getelementptr inbounds %struct.madvise_walk_private, %struct.madvise_walk_private* %8, i64 0, i32 1 br label %72 %73 = phi i64 [ %0, %55 ], [ %432, %431 ] %74 = phi i32 [ 0, %55 ], [ %82, %431 ] %75 = phi %struct.vm_area_struct.125300* [ %47, %55 ], [ %433, %431 ] %76 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 0 %77 = load i64, i64* %76, align 8 %78 = icmp ult i64 %73, %77 br i1 %78, label %79, label %81 %80 = icmp ult i64 %77, %25 br i1 %80, label %81, label %435 %82 = phi i32 [ -12, %79 ], [ %74, %72 ] %83 = phi i64 [ %77, %79 ], [ %73, %72 ] %84 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 1 %85 = load i64, i64* %84, align 8 %86 = icmp ult i64 %25, %85 %87 = select i1 %86, i64 %25, i64 %85 switch i32 %12, label %318 [ i32 9, label %88 i32 3, label %122 i32 20, label %203 i32 21, label %215 i32 8, label %245 i32 4, label %245 ] %216 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 6 %217 = load %struct.mm_struct.125313*, %struct.mm_struct.125313** %216, align 8 store %struct.vm_area_struct.125300* %75, %struct.vm_area_struct.125300** %10, align 8 %218 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 8 %219 = load i64, i64* %218, align 8 %220 = and i64 %219, 4203520 %221 = icmp eq i64 %220, 0 br i1 %221, label %222, label %243 %223 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 12 %224 = load %struct.vm_operations_struct.125299*, %struct.vm_operations_struct.125299** %223, align 8 %225 = icmp eq %struct.vm_operations_struct.125299* %224, null br i1 %225, label %240, label %226 %227 = getelementptr inbounds %struct.vm_area_struct.125300, %struct.vm_area_struct.125300* %75, i64 0, i32 14 %228 = load %struct.file.125060*, %struct.file.125060** %227, align 8 %229 = icmp eq %struct.file.125060* %228, null br i1 %229, label %243, label %230 %231 = getelementptr inbounds %struct.file.125060, %struct.file.125060* %228, i64 0, i32 2 %232 = load %struct.inode.125284*, %struct.inode.125284** %231, align 8 %233 = call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.125284*)*)(%struct.inode.125284* %232) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 do_compat_fcntl64 2 __ia32_compat_sys_fcntl ------------- Path:  Function:__ia32_compat_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 switch i32 %4, label %5 [ i32 12, label %13 i32 13, label %13 i32 14, label %13 i32 36, label %13 i32 37, label %13 i32 38, label %13 ] %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %7 to i32 %11 = trunc i64 %9 to i32 %12 = tail call fastcc i64 @do_compat_fcntl64(i32 %11, i32 %4, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = bitcast %struct.flock* %10 to i8* %15 = icmp eq i64 %12, 0 br i1 %15, label %183, label %16 %17 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %13, i64 0, i32 8 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 16384 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21, !prof !4, !misexpect !5 switch i32 %1, label %178 [ i32 0, label %22 i32 1030, label %22 i32 1, label %22 i32 2, label %22 i32 3, label %22 ] %23 = zext i32 %2 to i64 %24 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_fcntl to i32 (%struct.file.43183*, i32, i64)*)(%struct.file.43183* nonnull %13, i32 %1, i64 %23) #69 %25 = sext i32 %24 to i64 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %178 switch i32 %1, label %176 [ i32 5, label %28 i32 12, label %78 i32 36, label %78 i32 6, label %122 i32 7, label %122 i32 13, label %148 i32 14, label %148 i32 37, label %148 i32 38, label %148 ] %177 = tail call fastcc i64 @do_fcntl(i32 %0, i32 %1, i64 %23, %struct.file.43183* nonnull %13) #70 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %280 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %158 i32 15, label %186 i32 1038, label %230 i32 11, label %208 i32 10, label %212 i32 1025, label %217 i32 1024, label %220 i32 1026, label %223 i32 1031, label %226 i32 1032, label %226 i32 1033, label %228 i32 1034, label %228 i32 1035, label %230 i32 1036, label %230 i32 1037, label %230 ] %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 2 %31 = load %struct.inode.43174*, %struct.inode.43174** %30, align 8 %32 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.43174*)*)(%struct.inode.43174* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 do_compat_fcntl64 2 __ia32_compat_sys_fcntl64 ------------- Path:  Function:__ia32_compat_sys_fcntl64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call fastcc i64 @do_compat_fcntl64(i32 %8, i32 %9, i32 %10) #69 Function:do_compat_fcntl64 %4 = alloca %struct.compat_flock64, align 2 %5 = alloca %struct.ldttss_desc, align 4 %6 = alloca %struct.compat_flock64, align 2 %7 = alloca %struct.ldttss_desc, align 4 %8 = alloca %struct.compat_flock64, align 2 %9 = alloca %struct.ldttss_desc, align 4 %10 = alloca %struct.flock, align 8 %11 = tail call i64 @__fdget_raw(i32 %0) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.43183* %14 = bitcast %struct.flock* %10 to i8* %15 = icmp eq i64 %12, 0 br i1 %15, label %183, label %16 %17 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %13, i64 0, i32 8 %18 = load i32, i32* %17, align 4 %19 = and i32 %18, 16384 %20 = icmp eq i32 %19, 0 br i1 %20, label %22, label %21, !prof !4, !misexpect !5 switch i32 %1, label %178 [ i32 0, label %22 i32 1030, label %22 i32 1, label %22 i32 2, label %22 i32 3, label %22 ] %23 = zext i32 %2 to i64 %24 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_fcntl to i32 (%struct.file.43183*, i32, i64)*)(%struct.file.43183* nonnull %13, i32 %1, i64 %23) #69 %25 = sext i32 %24 to i64 %26 = icmp eq i32 %24, 0 br i1 %26, label %27, label %178 switch i32 %1, label %176 [ i32 5, label %28 i32 12, label %78 i32 36, label %78 i32 6, label %122 i32 7, label %122 i32 13, label %148 i32 14, label %148 i32 37, label %148 i32 38, label %148 ] %177 = tail call fastcc i64 @do_fcntl(i32 %0, i32 %1, i64 %23, %struct.file.43183* nonnull %13) #70 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %280 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %158 i32 15, label %186 i32 1038, label %230 i32 11, label %208 i32 10, label %212 i32 1025, label %217 i32 1024, label %220 i32 1026, label %223 i32 1031, label %226 i32 1032, label %226 i32 1033, label %228 i32 1034, label %228 i32 1035, label %230 i32 1036, label %230 i32 1037, label %230 ] %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 2 %31 = load %struct.inode.43174*, %struct.inode.43174** %30, align 8 %32 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.43174*)*)(%struct.inode.43174* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 __se_sys_fcntl 2 __ia32_sys_fcntl ------------- Path:  Function:__ia32_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_fcntl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.43183* %9 = icmp eq i64 %7, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %8, i64 0, i32 8 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 16384 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 switch i32 %5, label %22 [ i32 0, label %16 i32 1030, label %16 i32 1, label %16 i32 2, label %16 i32 3, label %16 ] %17 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_fcntl to i32 (%struct.file.43183*, i32, i64)*)(%struct.file.43183* nonnull %8, i32 %5, i64 %2) #69 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %22 %21 = tail call fastcc i64 @do_fcntl(i32 %4, i32 %5, i64 %2, %struct.file.43183* nonnull %8) #69 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %280 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %158 i32 15, label %186 i32 1038, label %230 i32 11, label %208 i32 10, label %212 i32 1025, label %217 i32 1024, label %220 i32 1026, label %223 i32 1031, label %226 i32 1032, label %226 i32 1033, label %228 i32 1034, label %228 i32 1035, label %230 i32 1036, label %230 i32 1037, label %230 ] %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 2 %31 = load %struct.inode.43174*, %struct.inode.43174** %30, align 8 %32 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.43174*)*)(%struct.inode.43174* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_fcntl 1 __se_sys_fcntl 2 __x64_sys_fcntl ------------- Path:  Function:__x64_sys_fcntl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_fcntl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_fcntl %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = tail call i64 @__fdget_raw(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.43183* %9 = icmp eq i64 %7, 0 br i1 %9, label %27, label %10 %11 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %8, i64 0, i32 8 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 16384 %14 = icmp eq i32 %13, 0 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 switch i32 %5, label %22 [ i32 0, label %16 i32 1030, label %16 i32 1, label %16 i32 2, label %16 i32 3, label %16 ] %17 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_fcntl to i32 (%struct.file.43183*, i32, i64)*)(%struct.file.43183* nonnull %8, i32 %5, i64 %2) #69 %18 = sext i32 %17 to i64 %19 = icmp eq i32 %17, 0 br i1 %19, label %20, label %22 %21 = tail call fastcc i64 @do_fcntl(i32 %4, i32 %5, i64 %2, %struct.file.43183* nonnull %8) #69 Function:do_fcntl %5 = alloca i64, align 8 %6 = alloca %struct.util_est, align 4 %7 = alloca %struct.util_est, align 4 %8 = alloca %struct.flock, align 8 %9 = inttoptr i64 %2 to i8* %10 = bitcast %struct.flock* %8 to i8* switch i32 %1, label %280 [ i32 0, label %11 i32 1030, label %15 i32 1, label %19 i32 2, label %22 i32 3, label %25 i32 4, label %29 i32 36, label %110 i32 5, label %110 i32 37, label %120 i32 38, label %120 i32 6, label %120 i32 7, label %120 i32 9, label %126 i32 8, label %139 i32 16, label %158 i32 15, label %186 i32 1038, label %230 i32 11, label %208 i32 10, label %212 i32 1025, label %217 i32 1024, label %220 i32 1026, label %223 i32 1031, label %226 i32 1032, label %226 i32 1033, label %228 i32 1034, label %228 i32 1035, label %230 i32 1036, label %230 i32 1037, label %230 ] %30 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 2 %31 = load %struct.inode.43174*, %struct.inode.43174** %30, align 8 %32 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %3, i64 0, i32 7 %33 = load i32, i32* %32, align 8 %34 = zext i32 %33 to i64 %35 = xor i64 %34, %2 %36 = and i64 %35, 1024 %37 = icmp eq i64 %36, 0 br i1 %37, label %43, label %38 %39 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %31, i64 0, i32 4 %40 = load i32, i32* %39, align 4 %41 = and i32 %40, 4 %42 = icmp eq i32 %41, 0 br i1 %42, label %43, label %107 %44 = and i64 %2, 262144 %45 = icmp ne i64 %44, 0 %46 = and i32 %33, 262144 %47 = icmp eq i32 %46, 0 %48 = and i1 %45, %47 br i1 %48, label %49, label %51 %50 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.43174*)*)(%struct.inode.43174* %31) #69 ------------- Use: =BAD PATH= Call Stack: 0 xattr_permission 1 vfs_getxattr 2 getxattr 3 __ia32_sys_fgetxattr ------------- Path:  Function:__ia32_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = inttoptr i64 %9 to i8* %16 = tail call i64 @__fdget(i32 %13) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.112786* %19 = icmp eq i64 %17, 0 br i1 %19, label %37, label %20 %21 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %21, i64 0, i32 97 %23 = load %struct.audit_context*, %struct.audit_context** %22, align 8 %24 = icmp eq %struct.audit_context* %23, null br i1 %24, label %30, label %25 %26 = bitcast %struct.audit_context* %23 to i32* %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %18) #69 br label %30 %31 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %18, i64 0, i32 1, i32 1 %32 = load %struct.dentry.112781*, %struct.dentry.112781** %31, align 8 %33 = tail call fastcc i64 @getxattr(%struct.dentry.112781* %32, i8* %14, i8* %15, i64 %12) #69 Function:getxattr %5 = alloca [256 x i8], align 16 %6 = getelementptr inbounds [256 x i8], [256 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 256) #69 %8 = and i64 %7, -257 %9 = icmp eq i64 %8, 0 %10 = select i1 %9, i64 -34, i64 %7 %11 = icmp slt i64 %10, 0 br i1 %11, label %49, label %12 %13 = icmp eq i64 %3, 0 br i1 %13, label %19, label %14 %15 = icmp ult i64 %3, 65536 %16 = select i1 %15, i64 %3, i64 65536 %17 = call i8* @kvmalloc_node(i64 %16, i32 3520, i32 -1) #69 %18 = icmp eq i8* %17, null br i1 %18, label %49, label %19 %20 = phi i64 [ %16, %14 ], [ 0, %12 ] %21 = phi i8* [ %17, %14 ], [ null, %12 ] %22 = call i64 @vfs_getxattr(%struct.dentry.112781* %0, i8* nonnull %6, i8* %21, i64 %20) #70 Function:vfs_getxattr %5 = alloca i8*, align 8 %6 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 %8 = tail call fastcc i32 @xattr_permission(%struct.inode.112777* %7, i8* %1, i32 4) #69 Function:xattr_permission %4 = and i32 %2, 2 %5 = icmp eq i32 %4, 0 br i1 %5, label %19, label %6 %20 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(10) getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.15627, i64 0, i64 0), i64 9) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %49, label %22 %23 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.15629, i64 0, i64 0), i64 7) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %49, label %25 %26 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.15630, i64 0, i64 0), i64 8) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %33 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.6.15631, i64 0, i64 0), i64 5) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %47 %36 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %0, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 switch i16 %38, label %39 [ i16 -32768, label %41 i16 16384, label %41 ] %42 = and i16 %37, -3584 %43 = icmp ne i16 %42, 16896 %44 = or i1 %5, %43 br i1 %44, label %47, label %45 %46 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.112777*)*)(%struct.inode.112777* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 xattr_permission 1 vfs_getxattr 2 getxattr 3 __x64_sys_fgetxattr ------------- Path:  Function:__x64_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call i64 @__fdget(i32 %12) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.112786* %16 = icmp eq i64 %14, 0 br i1 %16, label %34, label %17 %18 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %18, i64 0, i32 97 %20 = load %struct.audit_context*, %struct.audit_context** %19, align 8 %21 = icmp eq %struct.audit_context* %20, null br i1 %21, label %27, label %22 %23 = bitcast %struct.audit_context* %20 to i32* %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %27, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %15) #69 br label %27 %28 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %15, i64 0, i32 1, i32 1 %29 = load %struct.dentry.112781*, %struct.dentry.112781** %28, align 8 %30 = tail call fastcc i64 @getxattr(%struct.dentry.112781* %29, i8* %6, i8* %9, i64 %11) #69 Function:getxattr %5 = alloca [256 x i8], align 16 %6 = getelementptr inbounds [256 x i8], [256 x i8]* %5, i64 0, i64 0 %7 = call i64 @strncpy_from_user(i8* nonnull %6, i8* %1, i64 256) #69 %8 = and i64 %7, -257 %9 = icmp eq i64 %8, 0 %10 = select i1 %9, i64 -34, i64 %7 %11 = icmp slt i64 %10, 0 br i1 %11, label %49, label %12 %13 = icmp eq i64 %3, 0 br i1 %13, label %19, label %14 %15 = icmp ult i64 %3, 65536 %16 = select i1 %15, i64 %3, i64 65536 %17 = call i8* @kvmalloc_node(i64 %16, i32 3520, i32 -1) #69 %18 = icmp eq i8* %17, null br i1 %18, label %49, label %19 %20 = phi i64 [ %16, %14 ], [ 0, %12 ] %21 = phi i8* [ %17, %14 ], [ null, %12 ] %22 = call i64 @vfs_getxattr(%struct.dentry.112781* %0, i8* nonnull %6, i8* %21, i64 %20) #70 Function:vfs_getxattr %5 = alloca i8*, align 8 %6 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 %8 = tail call fastcc i32 @xattr_permission(%struct.inode.112777* %7, i8* %1, i32 4) #69 Function:xattr_permission %4 = and i32 %2, 2 %5 = icmp eq i32 %4, 0 br i1 %5, label %19, label %6 %20 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(10) getelementptr inbounds ([10 x i8], [10 x i8]* @.str.1.15627, i64 0, i64 0), i64 9) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %49, label %22 %23 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(8) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.15629, i64 0, i64 0), i64 7) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %49, label %25 %26 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(9) getelementptr inbounds ([9 x i8], [9 x i8]* @.str.5.15630, i64 0, i64 0), i64 8) #69 %27 = icmp eq i32 %26, 0 br i1 %27, label %28, label %32 %33 = tail call i32 @strncmp(i8* %1, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.6.15631, i64 0, i64 0), i64 5) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %47 %36 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %0, i64 0, i32 0 %37 = load i16, i16* %36, align 8 %38 = and i16 %37, -4096 switch i16 %38, label %39 [ i16 -32768, label %41 i16 16384, label %41 ] %42 = and i16 %37, -3584 %43 = icmp ne i16 %42, 16896 %44 = or i1 %5, %43 br i1 %44, label %47, label %45 %46 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.112777*)*)(%struct.inode.112777* %0) #70 ------------- Good: 50 Bad: 65 Ignored: 174 Check Use of Function:perf_event_enable Check Use of Function:snapshot_write_finalize Check Use of Function:tg3_ptp_enable Check Use of Function:ext4_file_write_iter Check Use of Function:compat_alloc_user_space Use: =BAD PATH= Call Stack: 0 __compat_sys_setsockopt 1 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %197 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %198 = load i32, i32* %197, align 8 %199 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 3 %200 = load i32, i32* %199, align 4 %201 = zext i32 %200 to i64 %202 = inttoptr i64 %201 to i8* %203 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 4 %204 = load i32, i32* %203, align 16 %205 = call fastcc i32 @__compat_sys_setsockopt(i32 %89, i32 %91, i32 %198, i8* %202, i32 %204) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.compat_sock_fprog, align 4 %7 = alloca %struct.sock_fprog_kern, align 8 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = icmp slt i32 %4, 0 br i1 %10, label %69, label %11 %12 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 %13 = icmp eq %struct.socket.250973* %12, null br i1 %13, label %67, label %14 %15 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_setsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %12, i32 %1, i32 %2) #69 store i32 %15, i32* %8, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %17 %22 = icmp eq i32 %1, 1 br i1 %22, label %23, label %52 switch i32 %2, label %48 [ i32 51, label %24 i32 26, label %24 ] %25 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __compat_sys_setsockopt 1 __ia32_compat_sys_setsockopt ------------- Path:  Function:__ia32_compat_sys_setsockopt %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %10 to i8* %17 = trunc i64 %12 to i32 %18 = tail call fastcc i32 @__compat_sys_setsockopt(i32 %13, i32 %14, i32 %15, i8* %16, i32 %17) #69 Function:__compat_sys_setsockopt %6 = alloca %struct.compat_sock_fprog, align 4 %7 = alloca %struct.sock_fprog_kern, align 8 %8 = alloca i32, align 4 %9 = bitcast i32* %8 to i8* %10 = icmp slt i32 %4, 0 br i1 %10, label %69, label %11 %12 = call %struct.socket.250973* @sockfd_lookup(i32 %0, i32* nonnull %8) #69 %13 = icmp eq %struct.socket.250973* %12, null br i1 %13, label %67, label %14 %15 = call i32 bitcast (i32 (%struct.socket*, i32, i32)* @security_socket_setsockopt to i32 (%struct.socket.250973*, i32, i32)*)(%struct.socket.250973* nonnull %12, i32 %1, i32 %2) #69 store i32 %15, i32* %8, align 4 %16 = icmp eq i32 %15, 0 br i1 %16, label %21, label %17 %22 = icmp eq i32 %1, 1 br i1 %22, label %23, label %52 switch i32 %2, label %48 [ i32 51, label %24 i32 26, label %24 ] %25 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 get_compat_bpf_fprog 1 compat_packet_setsockopt ------------- Path:  Function:compat_packet_setsockopt %6 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %7 = bitcast %struct.sock.250976** %6 to %struct.packet_sock** %8 = load %struct.packet_sock*, %struct.packet_sock** %7, align 8 %9 = icmp eq i32 %1, 263 br i1 %9, label %10, label %29 %11 = icmp eq i32 %2, 22 br i1 %11, label %12, label %25 %13 = getelementptr inbounds %struct.packet_sock, %struct.packet_sock* %8, i64 0, i32 1 %14 = load %struct.packet_fanout*, %struct.packet_fanout** %13, align 32 %15 = icmp eq %struct.packet_fanout* %14, null br i1 %15, label %25, label %16 %17 = getelementptr inbounds %struct.packet_fanout, %struct.packet_fanout* %14, i64 0, i32 3 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 6 br i1 %19, label %20, label %25 %21 = tail call %struct.sock_fprog_kern* @get_compat_bpf_fprog(i8* %3) #69 Function:get_compat_bpf_fprog %2 = alloca %struct.compat_sock_fprog, align 4 %3 = alloca %struct.sock_fprog_kern, align 8 %4 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.in6_rtmsg, align 8 %6 = alloca %struct.rtentry, align 8 %7 = alloca [16 x i8], align 16 %8 = alloca %struct.ifreq, align 8 %9 = alloca %struct.ifreq, align 8 %10 = alloca %struct.ifreq, align 8 %11 = alloca %struct.util_est, align 4 %12 = alloca %struct.ifconf, align 8 %13 = alloca %struct.ifreq, align 8 %14 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %15 = bitcast i8** %14 to %struct.socket.250973** %16 = load %struct.socket.250973*, %struct.socket.250973** %15, align 8 %17 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %16, i64 0, i32 4 %18 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %16, i64 0, i32 5 %19 = load %struct.proto_ops.250972*, %struct.proto_ops.250972** %18, align 32 %20 = getelementptr inbounds %struct.proto_ops.250972, %struct.proto_ops.250972* %19, i64 0, i32 10 %21 = load i32 (%struct.socket.250973*, i32, i64)*, i32 (%struct.socket.250973*, i32, i64)** %20, align 8 %22 = icmp eq i32 (%struct.socket.250973*, i32, i64)* %21, null br i1 %22, label %25, label %23 %26 = phi i32 [ %24, %23 ], [ -515, %3 ] %27 = icmp eq i32 %26, -515 %28 = and i32 %1, -256 %29 = icmp eq i32 %28, 35584 %30 = and i1 %29, %27 %31 = xor i1 %27, true %32 = or i1 %29, %31 %33 = select i1 %30, i32 -22, i32 %26 br i1 %32, label %774, label %34 %35 = and i64 %2, 4294967295 %36 = inttoptr i64 %35 to i8* %37 = load %struct.sock.250976*, %struct.sock.250976** %17, align 8 %38 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %37, i64 0, i32 0, i32 9, i32 0 %39 = load %struct.net.251046*, %struct.net.251046** %38, align 8 %40 = and i32 %1, -16 %41 = icmp eq i32 %40, 35312 br i1 %41, label %42, label %69 switch i32 %1, label %774 [ i32 35137, label %70 i32 35136, label %70 i32 35090, label %84 i32 35142, label %107 i32 35146, label %375 i32 35184, label %406 i32 35185, label %406 i32 35083, label %509 i32 35084, label %509 i32 35078, label %697 i32 35079, label %697 i32 35219, label %705 i32 35220, label %705 i32 35248, label %705 i32 35249, label %705 i32 35073, label %732 i32 35074, label %732 i32 35075, label %732 i32 35076, label %732 i32 35232, label %732 i32 35233, label %732 i32 35202, label %732 i32 35203, label %732 i32 35200, label %732 i32 35201, label %732 i32 35148, label %732 i32 -2146399994, label %732 i32 -2146399993, label %732 i32 35091, label %735 i32 35092, label %735 i32 35101, label %735 i32 35102, label %735 i32 35105, label %735 i32 35106, label %735 i32 35103, label %735 i32 35104, label %735 i32 35111, label %735 i32 35108, label %735 i32 35121, label %735 i32 35122, label %735 i32 35123, label %735 i32 35093, label %735 i32 35094, label %735 i32 35127, label %735 i32 35126, label %735 i32 35097, label %735 i32 35098, label %735 i32 35095, label %735 i32 35096, label %735 i32 35099, label %735 i32 35100, label %735 i32 35124, label %735 i32 35125, label %735 i32 35138, label %735 i32 35139, label %735 i32 35234, label %735 i32 35235, label %735 i32 35088, label %735 i32 35107, label %735 i32 35143, label %735 i32 35144, label %735 i32 35145, label %735 i32 35216, label %735 i32 35217, label %735 i32 35218, label %735 i32 35221, label %735 i32 35157, label %771 i32 35156, label %771 i32 35155, label %771 i32 35147, label %771 i32 35077, label %771 ] %736 = inttoptr i64 %35 to %struct.compat_ifreq* %737 = tail call i8* @compat_alloc_user_space(i64 40) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_sock_ioctl ------------- Path:  Function:compat_sock_ioctl %4 = alloca %struct.ifreq, align 8 %5 = alloca %struct.in6_rtmsg, align 8 %6 = alloca %struct.rtentry, align 8 %7 = alloca [16 x i8], align 16 %8 = alloca %struct.ifreq, align 8 %9 = alloca %struct.ifreq, align 8 %10 = alloca %struct.ifreq, align 8 %11 = alloca %struct.util_est, align 4 %12 = alloca %struct.ifconf, align 8 %13 = alloca %struct.ifreq, align 8 %14 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %15 = bitcast i8** %14 to %struct.socket.250973** %16 = load %struct.socket.250973*, %struct.socket.250973** %15, align 8 %17 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %16, i64 0, i32 4 %18 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %16, i64 0, i32 5 %19 = load %struct.proto_ops.250972*, %struct.proto_ops.250972** %18, align 32 %20 = getelementptr inbounds %struct.proto_ops.250972, %struct.proto_ops.250972* %19, i64 0, i32 10 %21 = load i32 (%struct.socket.250973*, i32, i64)*, i32 (%struct.socket.250973*, i32, i64)** %20, align 8 %22 = icmp eq i32 (%struct.socket.250973*, i32, i64)* %21, null br i1 %22, label %25, label %23 %26 = phi i32 [ %24, %23 ], [ -515, %3 ] %27 = icmp eq i32 %26, -515 %28 = and i32 %1, -256 %29 = icmp eq i32 %28, 35584 %30 = and i1 %29, %27 %31 = xor i1 %27, true %32 = or i1 %29, %31 %33 = select i1 %30, i32 -22, i32 %26 br i1 %32, label %774, label %34 %35 = and i64 %2, 4294967295 %36 = inttoptr i64 %35 to i8* %37 = load %struct.sock.250976*, %struct.sock.250976** %17, align 8 %38 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %37, i64 0, i32 0, i32 9, i32 0 %39 = load %struct.net.251046*, %struct.net.251046** %38, align 8 %40 = and i32 %1, -16 %41 = icmp eq i32 %40, 35312 br i1 %41, label %42, label %69 switch i32 %1, label %774 [ i32 35137, label %70 i32 35136, label %70 i32 35090, label %84 i32 35142, label %107 i32 35146, label %375 i32 35184, label %406 i32 35185, label %406 i32 35083, label %509 i32 35084, label %509 i32 35078, label %697 i32 35079, label %697 i32 35219, label %705 i32 35220, label %705 i32 35248, label %705 i32 35249, label %705 i32 35073, label %732 i32 35074, label %732 i32 35075, label %732 i32 35076, label %732 i32 35232, label %732 i32 35233, label %732 i32 35202, label %732 i32 35203, label %732 i32 35200, label %732 i32 35201, label %732 i32 35148, label %732 i32 -2146399994, label %732 i32 -2146399993, label %732 i32 35091, label %735 i32 35092, label %735 i32 35101, label %735 i32 35102, label %735 i32 35105, label %735 i32 35106, label %735 i32 35103, label %735 i32 35104, label %735 i32 35111, label %735 i32 35108, label %735 i32 35121, label %735 i32 35122, label %735 i32 35123, label %735 i32 35093, label %735 i32 35094, label %735 i32 35127, label %735 i32 35126, label %735 i32 35097, label %735 i32 35098, label %735 i32 35095, label %735 i32 35096, label %735 i32 35099, label %735 i32 35100, label %735 i32 35124, label %735 i32 35125, label %735 i32 35138, label %735 i32 35139, label %735 i32 35234, label %735 i32 35235, label %735 i32 35088, label %735 i32 35107, label %735 i32 35143, label %735 i32 35144, label %735 i32 35145, label %735 i32 35216, label %735 i32 35217, label %735 i32 35218, label %735 i32 35221, label %735 i32 35157, label %771 i32 35156, label %771 i32 35155, label %771 i32 35147, label %771 i32 35077, label %771 ] %108 = inttoptr i64 %35 to %struct.compat_ifreq* %109 = getelementptr inbounds %struct.ifreq, %struct.ifreq* %10, i64 0, i32 0, i32 0, i64 0 %111 = getelementptr inbounds %struct.compat_ifreq, %struct.compat_ifreq* %108, i64 0, i32 1, i32 0, i32 0 %112 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %111, i64 4, i64 %110) #6, !srcloc !8 %113 = extractvalue { i32*, i64, i64 } %112, 0 %114 = extractvalue { i32*, i64, i64 } %112, 2 %115 = ptrtoint i32* %113 to i64 %116 = and i64 %115, 4294967295 %117 = icmp eq i64 %116, 0 br i1 %117, label %118, label %373, !prof !5, !misexpect !6 %119 = extractvalue { i32*, i64, i64 } %112, 1 %120 = and i64 %119, 4294967295 %121 = inttoptr i64 %120 to i8* %123 = inttoptr i64 %120 to i32* %124 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %123, i64 4, i64 %122) #6, !srcloc !9 %125 = extractvalue { i32*, i64, i64 } %124, 0 %126 = extractvalue { i32*, i64, i64 } %124, 1 %127 = extractvalue { i32*, i64, i64 } %124, 2 %128 = ptrtoint i32* %125 to i64 %129 = trunc i64 %126 to i32 %130 = and i64 %128, 4294967295 %131 = icmp eq i64 %130, 0 br i1 %131, label %132, label %373, !prof !5, !misexpect !6 switch i32 %129, label %160 [ i32 48, label %133 i32 45, label %150 i32 46, label %150 i32 47, label %150 i32 50, label %150 i32 49, label %153 ] %135 = getelementptr inbounds i8, i8* %121, i64 176 %136 = bitcast i8* %135 to i32* %137 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %136, i64 4, i64 %134) #6, !srcloc !10 %138 = extractvalue { i32*, i64, i64 } %137, 0 %139 = extractvalue { i32*, i64, i64 } %137, 1 %140 = extractvalue { i32*, i64, i64 } %137, 2 %141 = ptrtoint i32* %138 to i64 %142 = trunc i64 %139 to i32 %143 = and i64 %141, 4294967295 %144 = icmp eq i64 %143, 0 br i1 %144, label %145, label %373, !prof !5, !misexpect !6 %146 = and i64 %139, 4294967295 %147 = icmp ugt i64 %146, 1048576 br i1 %147, label %373, label %148 %149 = shl nuw nsw i64 %146, 2 br label %150 %151 = phi i32 [ 0, %132 ], [ 0, %132 ], [ 0, %132 ], [ 0, %132 ], [ %142, %148 ] %152 = phi i64 [ 0, %132 ], [ 0, %132 ], [ 0, %132 ], [ 0, %132 ], [ %149, %148 ] br label %153 %154 = phi i32 [ 0, %132 ], [ %151, %150 ] %155 = phi i64 [ 0, %132 ], [ %152, %150 ] %156 = phi i1 [ false, %132 ], [ true, %150 ] %157 = add nuw nsw i64 %155, 192 %158 = tail call i8* @compat_alloc_user_space(i64 %157) #69 ------------- Use: =BAD PATH= Call Stack: 0 snd_hwdep_ioctl_compat ------------- Path:  Function:snd_hwdep_ioctl_compat %4 = alloca %struct.snd_hwdep_dsp_image, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.snd_hwdep** %7 = load %struct.snd_hwdep*, %struct.snd_hwdep** %6, align 8 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* switch i32 %1, label %114 [ i32 -2147203072, label %10 i32 -2133047295, label %10 i32 -2143270910, label %10 i32 1079003139, label %12 ] %13 = inttoptr i64 %8 to %struct.snd_hwdep_dsp_image32* %14 = tail call i8* @compat_alloc_user_space(i64 96) #70 ------------- Use: =BAD PATH= Call Stack: 0 snd_ctl_ioctl_compat ------------- Path:  Function:snd_ctl_ioctl_compat %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = and i64 %2, 4294967295 %9 = inttoptr i64 %8 to i8* %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.snd_ctl_file** %12 = load %struct.snd_ctl_file*, %struct.snd_ctl_file** %11, align 8 %13 = icmp eq %struct.snd_ctl_file* %12, null br i1 %13, label %305, label %14, !prof !4 %15 = getelementptr inbounds %struct.snd_ctl_file, %struct.snd_ctl_file* %12, i64 0, i32 1 %16 = load %struct.snd_card*, %struct.snd_card** %15, align 8 %17 = icmp eq %struct.snd_card* %16, null br i1 %17, label %305, label %18, !prof !4, !misexpect !5 switch i32 %1, label %284 [ i32 -2147199744, label %19 i32 -2122820351, label %19 i32 -1073457898, label %19 i32 -1073457712, label %19 i32 -2147199535, label %19 i32 1077957908, label %19 i32 1077957909, label %19 i32 -1069525735, label %19 i32 -1073195750, label %19 i32 -1073195749, label %19 i32 -1073195748, label %19 i32 -1069001456, label %21 i32 -1055894255, label %77 i32 -1027320558, label %164 i32 -1027320557, label %247 i32 -1055894249, label %276 i32 -1055894248, label %280 ] %22 = inttoptr i64 %8 to %struct.snd_ctl_elem_list32* %23 = tail call i8* @compat_alloc_user_space(i64 80) #70 ------------- Use: =BAD PATH= Call Stack: 0 compat_i915_getparam 1 i915_compat_ioctl ------------- Path:  Function:i915_compat_ioctl %4 = and i32 %1, 255 %5 = add nsw i32 %4, -64 %6 = icmp ugt i32 %5, 95 br i1 %6, label %7, label %9 %10 = icmp ult i32 %4, 71 %11 = icmp eq i32 %5, 6 %12 = and i1 %10, %11 br i1 %12, label %13, label %15 %14 = tail call fastcc i32 @compat_i915_getparam(%struct.file.391273* %0, i32 %1, i64 %2) #69 Function:compat_i915_getparam %4 = alloca %struct.util_est, align 4 %5 = bitcast %struct.util_est* %4 to i8* %6 = inttoptr i64 %2 to i8* %7 = call i64 @_copy_from_user(i8* nonnull %5, i8* %6, i64 8) #69 %8 = icmp eq i64 %7, 0 br i1 %8, label %9, label %33 %10 = call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 fb_compat_ioctl ------------- Path:  Function:fb_compat_ioctl %4 = alloca %struct.fb_fix_screeninfo, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr inbounds %struct.inode, %struct.inode* %6, i64 0, i32 13 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 1048575 %10 = zext i32 %9 to i64 %11 = getelementptr [32 x %struct.fb_info.302890*], [32 x %struct.fb_info.302890*]* @registered_fb, i64 0, i64 %10 %12 = load %struct.fb_info.302890*, %struct.fb_info.302890** %11, align 8 %13 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %14 = bitcast i8** %13 to %struct.fb_info.302890** %15 = load %struct.fb_info.302890*, %struct.fb_info.302890** %14, align 8 %16 = icmp ne %struct.fb_info.302890* %12, %15 %17 = icmp eq %struct.fb_info.302890* %12, null %18 = or i1 %17, %16 br i1 %18, label %243, label %19 switch i32 %1, label %234 [ i32 17920, label %20 i32 17921, label %20 i32 17926, label %20 i32 17935, label %20 i32 17936, label %20 i32 17937, label %22 i32 17922, label %25 i32 17924, label %115 i32 17925, label %115 ] %116 = tail call i8* @compat_alloc_user_space(i64 40) #70 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.284445, %struct.gendisk.284445* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.284395*, %struct.block_device_operations.284395** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.284395, %struct.block_device_operations.284395* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.284446*, i32, i32, i64)*, i32 (%struct.block_device.284446*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.284446*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %368 = tail call i8* @compat_alloc_user_space(i64 64) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.284445, %struct.gendisk.284445* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.284395*, %struct.block_device_operations.284395** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.284395, %struct.block_device_operations.284395* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.284446*, i32, i32, i64)*, i32 (%struct.block_device.284446*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.284446*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %328 = tail call i8* @compat_alloc_user_space(i64 24) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.284445, %struct.gendisk.284445* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.284395*, %struct.block_device_operations.284395** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.284395, %struct.block_device_operations.284395* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.284446*, i32, i32, i64)*, i32 (%struct.block_device.284446*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.284446*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %306 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %121 = and i64 %2, 4294967295 %122 = inttoptr i64 %121 to %struct.ist_info* %123 = tail call i8* @compat_alloc_user_space(i64 24) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %92 = tail call i8* @compat_alloc_user_space(i64 80) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %56 = tail call i8* @compat_alloc_user_space(i64 72) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_quotactl32 ------------- Path:  Function:__ia32_compat_sys_quotactl32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = lshr i32 %12, 8 switch i32 %16, label %212 [ i32 8388615, label %17 i32 8388616, label %55 i32 22533, label %91 ] %18 = tail call i8* @compat_alloc_user_space(i64 72) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %842 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %669 = tail call i8* @compat_alloc_user_space(i64 48) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %666 = tail call i8* @compat_alloc_user_space(i64 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %597 = inttoptr i64 %8 to %struct.compat_sg_req_info* %598 = tail call i8* @compat_alloc_user_space(i64 384) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %340 = inttoptr i64 %8 to %struct.sg_io_hdr32* %342 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 0 %343 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %342, i64 4, i64 %341) #6, !srcloc !20 %344 = extractvalue { i32*, i64, i64 } %343, 0 %345 = extractvalue { i32*, i64, i64 } %343, 2 %346 = ptrtoint i32* %344 to i64 %347 = and i64 %346, 4294967295 %348 = icmp eq i64 %347, 0 br i1 %348, label %349, label %593, !prof !9, !misexpect !10 %350 = extractvalue { i32*, i64, i64 } %343, 1 %351 = trunc i64 %350 to i32 %352 = icmp eq i32 %351, 83 br i1 %352, label %359, label %353 %361 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 4 %362 = tail call { i16*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i16* %361, i64 2, i64 %360) #6, !srcloc !21 %363 = extractvalue { i16*, i64, i64 } %362, 0 %364 = extractvalue { i16*, i64, i64 } %362, 1 %365 = extractvalue { i16*, i64, i64 } %362, 2 %366 = ptrtoint i16* %363 to i64 %367 = trunc i64 %364 to i16 %368 = and i64 %366, 4294967295 %369 = icmp eq i64 %368, 0 br i1 %369, label %370, label %593, !prof !9, !misexpect !10 %371 = tail call i8* @compat_alloc_user_space(i64 0) #69 %372 = shl i64 %364, 4 %373 = and i64 %372, 1048560 %374 = add nuw nsw i64 %373, 88 %375 = tail call i8* @compat_alloc_user_space(i64 %374) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %340 = inttoptr i64 %8 to %struct.sg_io_hdr32* %342 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 0 %343 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %342, i64 4, i64 %341) #6, !srcloc !20 %344 = extractvalue { i32*, i64, i64 } %343, 0 %345 = extractvalue { i32*, i64, i64 } %343, 2 %346 = ptrtoint i32* %344 to i64 %347 = and i64 %346, 4294967295 %348 = icmp eq i64 %347, 0 br i1 %348, label %349, label %593, !prof !9, !misexpect !10 %350 = extractvalue { i32*, i64, i64 } %343, 1 %351 = trunc i64 %350 to i32 %352 = icmp eq i32 %351, 83 br i1 %352, label %359, label %353 %361 = getelementptr inbounds %struct.sg_io_hdr32, %struct.sg_io_hdr32* %340, i64 0, i32 4 %362 = tail call { i16*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i16* %361, i64 2, i64 %360) #6, !srcloc !21 %363 = extractvalue { i16*, i64, i64 } %362, 0 %364 = extractvalue { i16*, i64, i64 } %362, 1 %365 = extractvalue { i16*, i64, i64 } %362, 2 %366 = ptrtoint i16* %363 to i64 %367 = trunc i64 %364 to i16 %368 = and i64 %366, 4294967295 %369 = icmp eq i64 %368, 0 br i1 %369, label %370, label %593, !prof !9, !misexpect !10 %371 = tail call i8* @compat_alloc_user_space(i64 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %291 = inttoptr i64 %8 to %struct.compat_sock_fprog* %292 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %242 = inttoptr i64 %8 to %struct.kernel_symbol* %243 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %195 = inttoptr i64 %8 to i8* switch i32 %10, label %888 [ i32 -2146929601, label %196 i32 1074558029, label %241 i32 1074295879, label %290 i32 1074295878, label %290 i32 8837, label %339 i32 8838, label %596 i32 1074006315, label %886 i32 2345, label %886 i32 -2147192821, label %841 i32 1074032652, label %841 i32 -2147192819, label %841 i32 1074032654, label %841 i32 2338, label %886 i32 2344, label %886 i32 -2147193597, label %665 i32 -2145620734, label %668 ] %197 = inttoptr i64 %8 to %struct.util_est* %198 = tail call i8* @compat_alloc_user_space(i64 16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %20 = inttoptr i64 %8 to %struct.space_resv_32* %21 = tail call i8* @compat_alloc_user_space(i64 48) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_move_pages ------------- Path:  Function:__ia32_compat_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %9 to i32* %21 = inttoptr i64 %12 to i32* %22 = inttoptr i64 %15 to i32* %23 = trunc i64 %17 to i32 %24 = shl nuw nsw i64 %6, 3 %25 = tail call i8* @compat_alloc_user_space(i64 %24) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 %30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 %35 = bitcast i8* %34 to i64* %36 = lshr i64 %20, 6 %37 = getelementptr i64, i64* %35, i64 %36 %38 = select i1 %30, i64* null, i64* %37 %39 = call i64 @_copy_to_user(i8* %34, i8* nonnull %15, i64 %22) #69 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %64 %42 = phi i64* [ %38, %29 ], [ null, %1 ] %43 = phi i64* [ %35, %29 ], [ null, %1 ] %44 = icmp eq i64 %12, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %47 = call i64 @compat_get_bitmap(i64* nonnull %46, i32* nonnull %14, i64 %19) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %64 %50 = icmp eq i64* %42, null br i1 %50, label %51, label %54 %52 = call i8* @compat_alloc_user_space(i64 %22) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 %30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_mbind ------------- Path:  Function:__ia32_compat_sys_mbind %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 4294967295 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %16 = load i64, i64* %15, align 8 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = trunc i64 %18 to i32 %20 = bitcast %struct.cpumask* %2 to i8* %21 = add i64 %16, 4294967295 %22 = and i64 %21, 4294967295 %23 = icmp ult i64 %22, 64 %24 = select i1 %23, i64 %22, i64 64 %25 = add nuw nsw i64 %24, 63 %26 = lshr i64 %25, 3 %27 = and i64 %26, 24 %28 = icmp eq i64 %14, 0 br i1 %28, label %39, label %29 %30 = inttoptr i64 %14 to i32* %31 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %32 = call i64 @compat_get_bitmap(i64* nonnull %31, i32* nonnull %30, i64 %24) #69 %33 = icmp eq i64 %32, 0 br i1 %33, label %34, label %43 %35 = call i8* @compat_alloc_user_space(i64 %27) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_set_mempolicy ------------- Path:  Function:__ia32_compat_sys_set_mempolicy %2 = alloca %struct.cpumask, align 8 %3 = alloca [1 x i64], align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %5 to i32 %12 = bitcast [1 x i64]* %3 to i8* %13 = add i64 %10, 4294967295 %14 = and i64 %13, 4294967295 %15 = icmp ult i64 %14, 64 %16 = select i1 %15, i64 %14, i64 64 %17 = add nuw nsw i64 %16, 63 %18 = lshr i64 %17, 3 %19 = and i64 %18, 24 %20 = icmp eq i64 %8, 0 br i1 %20, label %31, label %21 %22 = inttoptr i64 %8 to i32* %23 = getelementptr inbounds [1 x i64], [1 x i64]* %3, i64 0, i64 0 %24 = call i64 @compat_get_bitmap(i64* nonnull %23, i32* nonnull %22, i64 %16) #69 %25 = icmp eq i64 %24, 0 br i1 %25, label %26, label %54 %27 = call i8* @compat_alloc_user_space(i64 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_mempolicy ------------- Path:  Function:__ia32_compat_sys_get_mempolicy %2 = alloca [1 x i64], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 4294967295 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = inttoptr i64 %5 to i32* %18 = inttoptr i64 %8 to i32* %19 = bitcast [1 x i64]* %2 to i8* %20 = add i64 %10, 4294967295 %21 = and i64 %20, 4294967295 %22 = load i32, i32* @nr_node_ids, align 4 %23 = zext i32 %22 to i64 %24 = icmp ult i64 %21, %23 %25 = select i1 %24, i64 %21, i64 %23 %26 = add nuw nsw i64 %25, 63 %27 = lshr i64 %26, 3 %28 = and i64 %27, 1073741816 %29 = icmp ne i64 %8, 0 br i1 %29, label %30, label %33 %31 = tail call i8* @compat_alloc_user_space(i64 %28) #69 ------------- Good: 3 Bad: 32 Ignored: 154 Check Use of Function:static_key_slow_dec Check Use of Function:snapshot_image_loaded Check Use of Function:generic_swapfile_activate Check Use of Function:__ext4_journal_start_sb Check Use of Function:security_sb_pivotroot Check Use of Function:sr_check_events Check Use of Function:perf_event_alloc Check Use of Function:proc_attr_dir_lookup Check Use of Function:drm_file_free Check Use of Function:fsnotify Check Use of Function:release_dentry_name_snapshot Check Use of Function:xt_compat_init_offsets Check Use of Function:security_vm_enough_memory_mm Use: =BAD PATH= Call Stack: 0 __shmem_file_setup 1 shmem_zero_setup 2 mmap_zero ------------- Path:  Function:mmap_zero %3 = getelementptr inbounds %struct.vm_area_struct.348041, %struct.vm_area_struct.348041* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %9, label %7 %8 = tail call i32 bitcast (i32 (%struct.vm_area_struct.112802*)* @shmem_zero_setup to i32 (%struct.vm_area_struct.348041*)*)(%struct.vm_area_struct.348041* %1) #69 Function:shmem_zero_setup %2 = getelementptr inbounds %struct.vm_area_struct.112802, %struct.vm_area_struct.112802* %0, i64 0, i32 1 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.vm_area_struct.112802, %struct.vm_area_struct.112802* %0, i64 0, i32 0 %5 = load i64, i64* %4, align 8 %6 = sub i64 %3, %5 %7 = getelementptr inbounds %struct.vm_area_struct.112802, %struct.vm_area_struct.112802* %0, i64 0, i32 8 %8 = load i64, i64* %7, align 8 %9 = load %struct.vfsmount.112782*, %struct.vfsmount.112782** @shm_mnt, align 8 %10 = tail call fastcc %struct.file.112786* @__shmem_file_setup(%struct.vfsmount.112782* %9, i8* getelementptr inbounds ([9 x i8], [9 x i8]* @.str.3.12455, i64 0, i64 0), i64 %6, i64 %8, i32 512) #69 Function:__shmem_file_setup %6 = icmp ugt %struct.vfsmount.112782* %0, inttoptr (i64 -4096 to %struct.vfsmount.112782*) br i1 %6, label %7, label %9 %10 = icmp slt i64 %2, 0 br i1 %10, label %41, label %11 %12 = and i64 %3, 2097152 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %22 %15 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %15, i64 0, i32 33 %17 = load %struct.mm_struct.112799*, %struct.mm_struct.112799** %16, align 8 %18 = add nuw i64 %2, 4095 %19 = ashr i64 %18, 12 %20 = tail call i32 @security_vm_enough_memory_mm(%struct.mm_struct.112799* %17, i64 %19) #69 ------------- Good: 21 Bad: 1 Ignored: 26 Check Use of Function:proc_dostring Use: =BAD PATH= Call Stack: 0 proc_tcp_congestion_control ------------- Path:  Function:proc_tcp_congestion_control %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %0, i64 0, i32 1 %9 = load i8*, i8** %8, align 8 %10 = getelementptr i8, i8* %9, i64 -1288 %11 = bitcast i8* %10 to %struct.net.740189* %12 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %13 = bitcast %struct.ctl_table* %7 to i8* %14 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %12, i8** %14, align 8 %15 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %15, align 8 call void bitcast (void (%struct.net.719436*, i8*)* @tcp_get_default_congestion_control to void (%struct.net.740189*, i8*)*)(%struct.net.740189* %11, i8* nonnull %12) #69 %16 = call i32 @proc_dostring(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 set_default_qdisc ------------- Path:  Function:set_default_qdisc %6 = alloca [16 x i8], align 16 %7 = alloca %struct.ctl_table, align 8 %8 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %9 = bitcast %struct.ctl_table* %7 to i8* %10 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 1 store i8* %8, i8** %10, align 8 %11 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %7, i64 0, i32 2 store i32 16, i32* %11, align 8 call void @qdisc_get_default(i8* nonnull %8, i64 16) #69 %12 = call i32 @proc_dostring(%struct.ctl_table* nonnull %7, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 numa_zonelist_order_handler ------------- Path:  Function:numa_zonelist_order_handler %6 = icmp eq i32 %1, 0 br i1 %6, label %7, label %9 %8 = tail call i32 @proc_dostring(%struct.ctl_table* %0, i32 0, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 seccomp_actions_logged_handler ------------- Path:  Function:seccomp_actions_logged_handler %6 = alloca %struct.ctl_table, align 8 %7 = alloca [63 x i8], align 16 %8 = alloca i8*, align 8 %9 = alloca [63 x i8], align 16 %10 = alloca %struct.ctl_table, align 8 %11 = icmp eq i32 %1, 0 br i1 %11, label %169, label %12 %170 = getelementptr inbounds [63 x i8], [63 x i8]* %9, i64 0, i64 0 %171 = bitcast %struct.ctl_table* %6 to i8* %172 = load i32, i32* @seccomp_actions_logged, align 4 br label %173 %174 = phi i8** [ getelementptr inbounds ([9 x %struct.anon.107], [9 x %struct.anon.107]* @seccomp_log_names, i64 0, i64 0, i32 1), %169 ], [ %207, %202 ] %175 = phi i8 [ 0, %169 ], [ %205, %202 ] %176 = phi %struct.anon.107* [ getelementptr inbounds ([9 x %struct.anon.107], [9 x %struct.anon.107]* @seccomp_log_names, i64 0, i64 0), %169 ], [ %206, %202 ] %177 = phi i8* [ %170, %169 ], [ %204, %202 ] %178 = phi i64 [ 63, %169 ], [ %203, %202 ] %179 = getelementptr inbounds %struct.anon.107, %struct.anon.107* %176, i64 0, i32 0 %180 = load i32, i32* %179, align 8 %181 = and i32 %180, %172 %182 = icmp eq i32 %181, 0 br i1 %182, label %202, label %183 %184 = and i8 %175, 1 %185 = icmp eq i8 %184, 0 br i1 %185, label %192, label %186 %187 = call i64 @strscpy(i8* %177, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.14.10336, i64 0, i64 0), i64 %178) #69 %188 = icmp slt i64 %187, 0 br i1 %188, label %217, label %189 %190 = getelementptr i8, i8* %177, i64 %187 %191 = sub i64 %178, %187 br label %192 %193 = phi i64 [ %191, %189 ], [ %178, %183 ] %194 = phi i8* [ %190, %189 ], [ %177, %183 ] %195 = phi i8 [ %175, %189 ], [ 1, %183 ] %196 = load i8*, i8** %174, align 8 %197 = call i64 @strscpy(i8* %194, i8* %196, i64 %193) #69 %198 = icmp slt i64 %197, 0 br i1 %198, label %217, label %199 %200 = getelementptr i8, i8* %194, i64 %197 %201 = sub i64 %193, %197 br label %202 %203 = phi i64 [ %201, %199 ], [ %178, %173 ] %204 = phi i8* [ %200, %199 ], [ %177, %173 ] %205 = phi i8 [ %195, %199 ], [ %175, %173 ] %206 = getelementptr %struct.anon.107, %struct.anon.107* %176, i64 1 %207 = getelementptr %struct.anon.107, %struct.anon.107* %176, i64 1, i32 1 %208 = load i8*, i8** %207, align 8 %209 = icmp ne i8* %208, null %210 = icmp ne i64 %203, 0 %211 = and i1 %210, %209 br i1 %211, label %173, label %212 %213 = bitcast %struct.ctl_table* %0 to i8* %214 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 1 store i8* %170, i8** %214, align 8 %215 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %6, i64 0, i32 2 store i32 63, i32* %215, align 8 %216 = call i32 @proc_dostring(%struct.ctl_table* nonnull %6, i32 0, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 devkmsg_sysctl_set_loglvl ------------- Path:  Function:devkmsg_sysctl_set_loglvl %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds [10 x i8], [10 x i8]* %6, i64 0, i64 0 %8 = icmp eq i32 %1, 0 br i1 %8, label %9, label %11 %12 = load i32, i32* @devkmsg_log, align 4 %13 = and i32 %12, 4 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %36 %16 = call i8* @strncpy(i8* nonnull %7, i8* getelementptr inbounds ([10 x i8], [10 x i8]* @devkmsg_log_str, i64 0, i64 0), i64 10) #70 %17 = call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 devkmsg_sysctl_set_loglvl ------------- Path:  Function:devkmsg_sysctl_set_loglvl %6 = alloca [10 x i8], align 1 %7 = getelementptr inbounds [10 x i8], [10 x i8]* %6, i64 0, i64 0 %8 = icmp eq i32 %1, 0 br i1 %8, label %9, label %11 %10 = call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_dostring_coredump ------------- Path:  Function:proc_dostring_coredump %6 = tail call i32 @proc_dostring(%struct.ctl_table* %0, i32 %1, i8* %2, i64* %3, i64* %4) #69 ------------- Good: 11 Bad: 7 Ignored: 0 Check Use of Function:blk_rq_unmap_user Check Use of Function:proc_lookupfdinfo Check Use of Function:dev_change_carrier Check Use of Function:set_device_ro Check Use of Function:isofs_lookup Check Use of Function:pci_disable_device Check Use of Function:dev_set_mtu Check Use of Function:e1000e_phc_enable Check Use of Function:msdos_rename Check Use of Function:sd_pr_register Check Use of Function:vfs_mknod Check Use of Function:put_mountpoint Check Use of Function:mount_capable Check Use of Function:fs_context_for_reconfigure Check Use of Function:__tcf_qdisc_find Check Use of Function:dev_change_flags Check Use of Function:sd_pr_preempt Check Use of Function:__put_net Use: =BAD PATH= Call Stack: 0 seq_release_net ------------- Path:  Function:seq_release_net %3 = getelementptr inbounds %struct.file.168371, %struct.file.168371* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.168058** %5 = load %struct.seq_file.168058*, %struct.seq_file.168058** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.168058, %struct.seq_file.168058* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.seq_net_private** %8 = load %struct.seq_net_private*, %struct.seq_net_private** %7, align 8 %9 = getelementptr inbounds %struct.seq_net_private, %struct.seq_net_private* %8, i64 0, i32 0 %10 = load %struct.net.168292*, %struct.net.168292** %9, align 8 %11 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %10, i64 0, i32 1 %12 = getelementptr inbounds %union.anon.21, %union.anon.21* %11, i64 0, i32 0, i32 0 %13 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %12, i32 -1, i32* %12) #6, !srcloc !4 %14 = icmp eq i32 %13, 1 br i1 %14, label %20, label %15 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 single_release_net ------------- Path:  Function:single_release_net %3 = getelementptr inbounds %struct.file.168371, %struct.file.168371* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.168058** %5 = load %struct.seq_file.168058*, %struct.seq_file.168058** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.168058, %struct.seq_file.168058* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.net.168292** %8 = load %struct.net.168292*, %struct.net.168292** %7, align 8 %9 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %8, i64 0, i32 1 %10 = getelementptr inbounds %union.anon.21, %union.anon.21* %9, i64 0, i32 0, i32 0 %11 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %10, i32 -1, i32* %10) #6, !srcloc !4 %12 = icmp eq i32 %11, 1 br i1 %12, label %18, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_tgid_net_getattr ------------- Path:  Function:proc_tgid_net_getattr %5 = getelementptr inbounds %struct.path.168368, %struct.path.168368* %0, i64 0, i32 1 %6 = load %struct.dentry.168366*, %struct.dentry.168366** %5, align 8 %7 = getelementptr inbounds %struct.dentry.168366, %struct.dentry.168366* %6, i64 0, i32 5 %8 = load %struct.inode.168362*, %struct.inode.168362** %7, align 8 %9 = tail call fastcc %struct.net.168292* @get_proc_task_net(%struct.inode.168362* %8) #69 tail call void bitcast (void (%struct.inode.112777*, %struct.kstat*)* @generic_fillattr to void (%struct.inode.168362*, %struct.kstat*)*)(%struct.inode.168362* %8, %struct.kstat* %1) #70 %10 = icmp eq %struct.net.168292* %9, null br i1 %10, label %27, label %11 %12 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %9, i64 0, i32 17 %13 = load %struct.proc_dir_entry.168189*, %struct.proc_dir_entry.168189** %12, align 32 %14 = getelementptr inbounds %struct.proc_dir_entry.168189, %struct.proc_dir_entry.168189* %13, i64 0, i32 13 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.kstat, %struct.kstat* %1, i64 0, i32 2 store i32 %15, i32* %16, align 8 %17 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %9, i64 0, i32 1 %18 = getelementptr inbounds %union.anon.21, %union.anon.21* %17, i64 0, i32 0, i32 0 %19 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %18, i32 -1, i32* %18) #6, !srcloc !4 %20 = icmp eq i32 %19, 1 br i1 %20, label %26, label %21 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.168292*)*)(%struct.net.168292* nonnull %9) #70 ------------- Use: =BAD PATH= Call Stack: 0 put_fs_context 1 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context.138693** %5 = load %struct.fs_context.138693*, %struct.fs_context.138693** %4, align 8 %6 = icmp eq %struct.fs_context.138693* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.143997*)* @put_fs_context to void (%struct.fs_context.138693*)*)(%struct.fs_context.138693* nonnull %5) #69 Function:put_fs_context %2 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 5 %3 = load %struct.dentry.143994*, %struct.dentry.143994** %2, align 8 %4 = icmp eq %struct.dentry.143994* %3, null br i1 %4, label %8, label %5 %9 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 17 %10 = bitcast i24* %9 to i32* %11 = load i32, i32* %10, align 8 %12 = and i32 %11, 65536 %13 = icmp eq i32 %12, 0 br i1 %13, label %23, label %14 %15 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 0 %16 = load %struct.fs_context_operations.143593*, %struct.fs_context_operations.143593** %15, align 8 %17 = icmp eq %struct.fs_context_operations.143593* %16, null br i1 %17, label %23, label %18 %19 = getelementptr inbounds %struct.fs_context_operations.143593, %struct.fs_context_operations.143593* %16, i64 0, i32 0 %20 = load void (%struct.fs_context.143997*)*, void (%struct.fs_context.143997*)** %19, align 8 %21 = icmp eq void (%struct.fs_context.143997*)* %20, null br i1 %21, label %23, label %22 %24 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 11 tail call void @security_free_mnt_opts(i8** %24) #69 %25 = getelementptr inbounds %struct.fs_context.143997, %struct.fs_context.143997* %0, i64 0, i32 7 %26 = load %struct.net.49803*, %struct.net.49803** %25, align 8 %27 = getelementptr inbounds %struct.net.49803, %struct.net.49803* %26, i64 0, i32 1 %28 = getelementptr inbounds %union.anon.21, %union.anon.21* %27, i64 0, i32 0, i32 0 %29 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %28, i32 -1, i32* %28) #6, !srcloc !4 %30 = icmp eq i32 %29, 1 br i1 %30, label %36, label %31 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void bitcast (void (%struct.net.651059*)* @__put_net to void (%struct.net.49803*)*)(%struct.net.49803* %26) #69 ------------- Good: 74 Bad: 4 Ignored: 94 Check Use of Function:ksys_sync_helper Check Use of Function:d_move Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 ------------- Good: 4 Bad: 3 Ignored: 3 Check Use of Function:unregister_netdevice_many Check Use of Function:pci_config_pm_runtime_put Check Use of Function:kthread_create_on_node Check Use of Function:ksys_fchown Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchown ------------- Path:  Function:__ia32_sys_fchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @ksys_fchown(i32 %8, i32 %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchown ------------- Path:  Function:__x64_sys_fchown %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = trunc i64 %7 to i32 %11 = tail call i32 @ksys_fchown(i32 %8, i32 %9, i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_fchown16 ------------- Path:  Function:__x64_sys_fchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i16 %10 = trunc i64 %7 to i16 %11 = trunc i64 %5 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %7 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @ksys_fchown(i32 %8, i32 %14, i32 %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_fchown16 ------------- Path:  Function:__ia32_sys_fchown16 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i16 %10 = trunc i64 %7 to i16 %11 = trunc i64 %5 to i32 %12 = and i32 %11, 65535 %13 = icmp eq i16 %9, -1 %14 = select i1 %13, i32 -1, i32 %12 %15 = trunc i64 %7 to i32 %16 = and i32 %15, 65535 %17 = icmp eq i16 %10, -1 %18 = select i1 %17, i32 -1, i32 %16 %19 = tail call i32 @ksys_fchown(i32 %8, i32 %14, i32 %18) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:ext4_create Check Use of Function:mq_select_queue Check Use of Function:qdisc_put_unlocked Check Use of Function:security_task_fix_setuid Check Use of Function:netdev_master_upper_dev_get Check Use of Function:tracefs_syscall_rmdir Check Use of Function:blk_queue_flag_clear Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.anon.193.488450, align 1 %8 = getelementptr %struct.device.528214, %struct.device.528214* %0, i64 -1, i32 36 %9 = bitcast %struct.iommu_param** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 1 %11 = bitcast %struct.iommu_param** %10 to %struct.scsi_device.528231** %12 = load %struct.scsi_device.528231*, %struct.scsi_device.528231** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.anon.193.488450, %struct.anon.193.488450* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.528231, %struct.scsi_device.528231* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %120 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %29 = bitcast [3 x i8]* %28 to i24* %30 = load i24, i24* %29, align 1 %31 = and i24 %30, -3 store i24 %31, i24* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #70 %35 = icmp slt i32 %34, 0 br i1 %35, label %120, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %48 = bitcast [3 x i8]* %47 to i24* %49 = load i24, i24* %48, align 1 %50 = and i24 %49, 2 %51 = icmp eq i24 %50, 0 br i1 %51, label %69, label %52 %53 = trunc i32 %46 to i24 %54 = shl nuw nsw i24 %53, 2 %55 = and i24 %49, -13 %56 = or i24 %55, %54 %57 = trunc i32 %34 to i24 %58 = shl i24 %57, 3 %59 = and i24 %58, 8 %60 = or i24 %56, %59 store i24 %60, i24* %48, align 1 %61 = icmp ne i24 %53, 0 %62 = and i24 %56, 20 %63 = icmp eq i24 %62, 20 %64 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 92 %65 = bitcast %struct.iommu_param** %64 to %struct.gendisk.528009** %66 = load %struct.gendisk.528009*, %struct.gendisk.528009** %65, align 8 %67 = getelementptr inbounds %struct.gendisk.528009, %struct.gendisk.528009* %66, i64 0, i32 10 %68 = load %struct.request_queue.528005*, %struct.request_queue.528005** %67, align 8 tail call void bitcast (void (%struct.request_queue.274422*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.528005*, i1, i1)*)(%struct.request_queue.528005* %68, i1 zeroext %61, i1 zeroext %63) #70 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.274422*)*)(i32 17, %struct.request_queue.274422* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.anon.193.488450, align 1 %8 = getelementptr %struct.device.528214, %struct.device.528214* %0, i64 -1, i32 36 %9 = bitcast %struct.iommu_param** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 1 %11 = bitcast %struct.iommu_param** %10 to %struct.scsi_device.528231** %12 = load %struct.scsi_device.528231*, %struct.scsi_device.528231** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.anon.193.488450, %struct.anon.193.488450* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.528231, %struct.scsi_device.528231* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %120 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %29 = bitcast [3 x i8]* %28 to i24* %30 = load i24, i24* %29, align 1 %31 = and i24 %30, -3 store i24 %31, i24* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #70 %35 = icmp slt i32 %34, 0 br i1 %35, label %120, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %48 = bitcast [3 x i8]* %47 to i24* %49 = load i24, i24* %48, align 1 %50 = and i24 %49, 2 %51 = icmp eq i24 %50, 0 br i1 %51, label %69, label %52 %53 = trunc i32 %46 to i24 %54 = shl nuw nsw i24 %53, 2 %55 = and i24 %49, -13 %56 = or i24 %55, %54 %57 = trunc i32 %34 to i24 %58 = shl i24 %57, 3 %59 = and i24 %58, 8 %60 = or i24 %56, %59 store i24 %60, i24* %48, align 1 %61 = icmp ne i24 %53, 0 %62 = and i24 %56, 20 %63 = icmp eq i24 %62, 20 %64 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 92 %65 = bitcast %struct.iommu_param** %64 to %struct.gendisk.528009** %66 = load %struct.gendisk.528009*, %struct.gendisk.528009** %65, align 8 %67 = getelementptr inbounds %struct.gendisk.528009, %struct.gendisk.528009* %66, i64 0, i32 10 %68 = load %struct.request_queue.528005*, %struct.request_queue.528005** %67, align 8 tail call void bitcast (void (%struct.request_queue.274422*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.528005*, i1, i1)*)(%struct.request_queue.528005* %68, i1 zeroext %61, i1 zeroext %63) #70 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.274422*)*)(i32 17, %struct.request_queue.274422* %0) #69 br label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.274422*)*)(i32 18, %struct.request_queue.274422* %0) #69 ------------- Good: 43 Bad: 2 Ignored: 76 Check Use of Function:ipip6_dellink Check Use of Function:do_add_mount Check Use of Function:serial8250_config_port Check Use of Function:dm_pr_reserve Check Use of Function:amd_set_subcaches Check Use of Function:mnt_clone_internal Check Use of Function:alloc_workqueue Check Use of Function:fib_new_table Check Use of Function:ihold Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 simple_link ------------- Path:  Function:simple_link %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %5 = load %struct.inode.139773*, %struct.inode.139773** %4, align 8 %6 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %5, i64 0, i32 17 %7 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 17 %8 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16 %9 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 %10 = extractvalue { i64, i64 } %9, 0 %11 = extractvalue { i64, i64 } %9, 1 %12 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16, i32 0 store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16, i32 1 store i64 %11, i64* %13, align 8 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast %struct.anon.54* %8 to i8* %16 = bitcast %struct.anon.54* %6 to i8* tail call void bitcast (void (%struct.inode.136922*)* @inc_nlink to void (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 simple_link ------------- Path:  Function:simple_link %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %0, i64 0, i32 5 %5 = load %struct.inode.139773*, %struct.inode.139773** %4, align 8 %6 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %5, i64 0, i32 17 %7 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 17 %8 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16 %9 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 %10 = extractvalue { i64, i64 } %9, 0 %11 = extractvalue { i64, i64 } %9, 1 %12 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16, i32 0 store i64 %10, i64* %12, align 8 %13 = getelementptr inbounds %struct.inode.139773, %struct.inode.139773* %1, i64 0, i32 16, i32 1 store i64 %11, i64* %13, align 8 %14 = bitcast %struct.anon.54* %7 to i8* %15 = bitcast %struct.anon.54* %8 to i8* %16 = bitcast %struct.anon.54* %6 to i8* tail call void bitcast (void (%struct.inode.136922*)* @inc_nlink to void (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.139773*)*)(%struct.inode.139773* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmem_link ------------- Path:  Function:shmem_link %4 = getelementptr inbounds %struct.dentry.112781, %struct.dentry.112781* %0, i64 0, i32 5 %5 = load %struct.inode.112777*, %struct.inode.112777** %4, align 8 %6 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %5, i64 0, i32 12, i32 0 %7 = load i32, i32* %6, align 8 %8 = icmp eq i32 %7, 0 br i1 %8, label %29, label %9 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %5, i64 0, i32 8 %11 = load %struct.super_block.112763*, %struct.super_block.112763** %10, align 8 %12 = getelementptr inbounds %struct.super_block.112763, %struct.super_block.112763* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.shmem_sb_info** %14 = load %struct.shmem_sb_info*, %struct.shmem_sb_info** %13, align 32 %15 = getelementptr inbounds %struct.shmem_sb_info, %struct.shmem_sb_info* %14, i64 0, i32 2 %16 = load i64, i64* %15, align 8 %17 = icmp eq i64 %16, 0 br i1 %17, label %29, label %18 %19 = getelementptr inbounds %struct.shmem_sb_info, %struct.shmem_sb_info* %14, i64 0, i32 4 %20 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %19, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %20) #69 %21 = getelementptr inbounds %struct.shmem_sb_info, %struct.shmem_sb_info* %14, i64 0, i32 3 %22 = load i64, i64* %21, align 8 %23 = icmp eq i64 %22, 0 br i1 %23, label %27, label %24 %25 = add i64 %22, -1 store i64 %25, i64* %21, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %26 = bitcast %struct.spinlock* %19 to i8* store volatile i8 0, i8* %26, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 br label %29 %30 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %1, i64 0, i32 14 %31 = load i64, i64* %30, align 8 %32 = add i64 %31, 20 store i64 %32, i64* %30, align 8 %33 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %5, i64 0, i32 17 %34 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %1, i64 0, i32 17 %35 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %1, i64 0, i32 16 %36 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.112777*)*)(%struct.inode.112777* %5) #69 %37 = extractvalue { i64, i64 } %36, 0 %38 = extractvalue { i64, i64 } %36, 1 %39 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %1, i64 0, i32 16, i32 0 store i64 %37, i64* %39, align 8 %40 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %1, i64 0, i32 16, i32 1 store i64 %38, i64* %40, align 8 %41 = bitcast %struct.anon.54* %34 to i8* %42 = bitcast %struct.anon.54* %35 to i8* %43 = bitcast %struct.anon.54* %33 to i8* tail call void bitcast (void (%struct.inode.136922*)* @inc_nlink to void (%struct.inode.112777*)*)(%struct.inode.112777* %5) #69 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.112777*)*)(%struct.inode.112777* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 bd_acquire 1 blkdev_open ------------- Path:  Function:blkdev_open %3 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %1, i64 0, i32 7 %4 = load i32, i32* %3, align 8 %5 = or i32 %4, 32768 store i32 %5, i32* %3, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %1, i64 0, i32 8 %7 = load i32, i32* %6, align 4 %8 = and i32 %4, 2048 %9 = icmp eq i32 %8, 0 %10 = select i1 %9, i32 134217728, i32 134217792 %11 = or i32 %10, %7 %12 = and i32 %4, 128 %13 = or i32 %12, %11 %14 = and i32 %4, 3 %15 = icmp eq i32 %14, 3 %16 = or i32 %13, 256 %17 = select i1 %15, i32 %16, i32 %13 store i32 %17, i32* %6, align 4 %18 = tail call fastcc %struct.block_device.112609* @bd_acquire(%struct.inode.112777* %0) #69 Function:bd_acquire tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @bdev_lock, i64 0, i32 0, i32 0)) #69 %2 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %0, i64 0, i32 43 %3 = bitcast %union.anon.104.112776* %2 to %struct.block_device.112609** %4 = load %struct.block_device.112609*, %struct.block_device.112609** %3, align 8 %5 = icmp eq %struct.block_device.112609* %4, null br i1 %5, label %28, label %6 %7 = getelementptr inbounds %struct.block_device.112609, %struct.block_device.112609* %4, i64 0, i32 2 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %8, i64 0, i32 27, i32 1 %10 = load %struct.hlist_node**, %struct.hlist_node*** %9, align 8 %11 = icmp eq %struct.hlist_node** %10, null br i1 %11, label %13, label %12 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.112777*)*)(%struct.inode.112777* %8) #69 ------------- Good: 24 Bad: 7 Ignored: 9 Check Use of Function:fsnotify_get_cookie Check Use of Function:static_key_slow_inc Check Use of Function:cgroup_free_root Check Use of Function:ring_buffer_unlock_commit Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 br label %70 %71 = getelementptr inbounds i8, i8* %69, i64 8 %72 = bitcast i8* %71 to i64* store i64 ptrtoint (i8* blockaddress(@tracing_mark_write, %70) to i64), i64* %72, align 8 %73 = getelementptr inbounds i8, i8* %69, i64 16 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %20, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %80, label %79 %81 = phi i64 [ -14, %79 ], [ %17, %70 ] %82 = phi i64 [ 9, %79 ], [ %17, %70 ] %83 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 25 %84 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %85 = icmp eq %struct.trace_event_file.96777* %84, null br i1 %85, label %96, label %86 %87 = getelementptr inbounds %struct.trace_event_file.96777, %struct.trace_event_file.96777* %84, i64 0, i32 6 %88 = bitcast %struct.list_head* %87 to i64* %89 = load volatile i64, i64* %88, align 8 %90 = inttoptr i64 %89 to %struct.list_head* %91 = icmp eq %struct.list_head* %87, %90 br i1 %91, label %96, label %92 %97 = phi i32 [ 0, %86 ], [ %95, %92 ], [ 0, %80 ] %98 = add nsw i64 %82, -1 %99 = getelementptr i8, i8* %73, i64 %98 %100 = load i8, i8* %99, align 1 %101 = icmp eq i8 %100, 10 %102 = getelementptr i8, i8* %73, i64 %82 br i1 %101, label %106, label %103 %107 = phi i8* [ %105, %103 ], [ %102, %96 ] store i8 0, i8* %107, align 1 call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %108 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %109 = icmp eq %struct.ring_buffer_event* %108, %27 br i1 %109, label %110, label %117 %118 = call i32 @ring_buffer_unlock_commit(%struct.ring_buffer* %24, %struct.ring_buffer_event* nonnull %27) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %34 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %35 = trunc i32 %29 to i8 %36 = getelementptr inbounds i8, i8* %33, i64 3 store i8 %35, i8* %36, align 1 %37 = icmp eq %struct.task_struct.96680* %34, null br i1 %37, label %41, label %38 %39 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 48 %40 = load i32, i32* %39, align 8 br label %41 %42 = phi i32 [ %40, %38 ], [ 0, %32 ] %43 = getelementptr inbounds i8, i8* %33, i64 4 %44 = bitcast i8* %43 to i32* store i32 %42, i32* %44, align 4 %45 = bitcast i8* %33 to i16* store i16 16, i16* %45, align 4 %46 = lshr i64 %22, 9 %47 = trunc i64 %46 to i32 %48 = and i32 %47, 1 %49 = lshr i32 %29, 14 %50 = and i32 %49, 64 %51 = or i32 %50, %48 %52 = and i32 %29, 983040 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i32 0, i32 8 %55 = lshr i32 %29, 4 %56 = and i32 %55, 16 %57 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 0, i32 0 %58 = load volatile i64, i64* %57, align 8 %59 = lshr i64 %58, 1 %60 = trunc i64 %59 to i32 %61 = and i32 %60, 4 %62 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %63 = lshr i32 %62, 26 %64 = and i32 %63, 32 %65 = or i32 %51, %56 %66 = or i32 %65, %54 %67 = or i32 %66, %61 %68 = or i32 %67, %64 %69 = trunc i32 %68 to i8 %70 = xor i8 %69, 33 %71 = getelementptr inbounds i8, i8* %33, i64 2 store i8 %70, i8* %71, align 2 %72 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %73 = getelementptr inbounds i8, i8* %72, i64 8 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %23, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %82, label %79 %83 = phi i64 [ -14, %79 ], [ %20, %41 ] call void asm "movb $1,%gs:$0", "=*m,qi,*m,~{dirflag},~{fpsr},~{flags}"(i8* nonnull @trace_taskinfo_save, i1 true, i8* nonnull @trace_taskinfo_save) #6, !srcloc !9 %84 = call %struct.ring_buffer_event* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.ring_buffer_event** nonnull @trace_buffered_event) #6, !srcloc !10 %85 = icmp eq %struct.ring_buffer_event* %84, %30 br i1 %85, label %86, label %93 %94 = call i32 @ring_buffer_unlock_commit(%struct.ring_buffer* %27, %struct.ring_buffer_event* nonnull %30) #69 ------------- Good: 58 Bad: 2 Ignored: 4706 Check Use of Function:__do_loopback Check Use of Function:uts_proc_notify Check Use of Function:chroot_fs_refs Check Use of Function:nfs_swap_deactivate Check Use of Function:proc_tgid_base_lookup Check Use of Function:cgroup_enter_frozen Check Use of Function:rfkill_set_block Check Use of Function:vfs_symlink Check Use of Function:add_to_avail_list Check Use of Function:blkdev_issue_discard Check Use of Function:rtnl_configure_link Check Use of Function:vfat_unlink Check Use of Function:set_blocksize Check Use of Function:dev_mc_del Check Use of Function:kernel_read_file_from_fd Check Use of Function:ida_alloc_range Check Use of Function:shmem_file_read_iter Check Use of Function:mtrr_add Check Use of Function:dm_blk_ioctl Check Use of Function:ext4_rename2 Check Use of Function:lookup_mnt Check Use of Function:xt_free_table_info Check Use of Function:nf_setsockopt Check Use of Function:init_cgroup_root Check Use of Function:sock_create_kern Check Use of Function:attach_recursive_mnt Check Use of Function:fd_install Check Use of Function:nfs_unlink Check Use of Function:bcmp Use: =BAD PATH= Call Stack: 0 proc_ns_dir_lookup ------------- Path:  Function:proc_ns_dir_lookup %4 = getelementptr %struct.inode.167235, %struct.inode.167235* %0, i64 -1, i32 41, i32 13 %5 = bitcast %struct.list_head* %4 to %struct.pid.167154** %6 = load %struct.pid.167154*, %struct.pid.167154** %5, align 8 %7 = tail call %struct.task_struct.167218* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.167218* (%struct.pid.167154*, i32)*)(%struct.pid.167154* %6, i32 0) #69 %8 = icmp eq %struct.task_struct.167218* %7, null br i1 %8, label %58, label %9 %10 = getelementptr inbounds %struct.dentry.167239, %struct.dentry.167239* %1, i64 0, i32 4 %11 = bitcast %struct.qstr* %10 to %struct.util_est* %12 = getelementptr inbounds %struct.util_est, %struct.util_est* %11, i64 0, i32 1 %13 = load i32, i32* %12, align 4 %14 = getelementptr inbounds %struct.dentry.167239, %struct.dentry.167239* %1, i64 0, i32 4, i32 1 %15 = zext i32 %13 to i64 br label %16 %17 = phi %struct.proc_ns_operations.167123** [ getelementptr inbounds ([7 x %struct.proc_ns_operations.167123*], [7 x %struct.proc_ns_operations.167123*]* @ns_entries, i64 0, i64 0), %9 ], [ %28, %27 ] %18 = load %struct.proc_ns_operations.167123*, %struct.proc_ns_operations.167123** %17, align 8 %19 = getelementptr inbounds %struct.proc_ns_operations.167123, %struct.proc_ns_operations.167123* %18, i64 0, i32 0 %20 = load i8*, i8** %19, align 8 %21 = tail call i64 @strlen(i8* %20) #70 %22 = icmp eq i64 %21, %15 br i1 %22, label %23, label %27 %24 = load i8*, i8** %14, align 8 %25 = tail call i32 @bcmp(i8* %24, i8* %20, i64 %15) ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.215549** %6 = load %struct.nfs_unlinkdata.215549*, %struct.nfs_unlinkdata.215549** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %7, align 8 %9 = icmp eq %struct.nfs4_slot.215544* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.215552** %7 = load %struct.nfs_renamedata.215552*, %struct.nfs_renamedata.215552** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %8, align 8 %10 = icmp eq %struct.nfs4_slot.215544* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %51 = load %struct.inode.195275*, %struct.inode.195275** %50, align 8 call void bitcast (void (%struct.inode.197661*)* @nfs_invalidate_atime to void (%struct.inode.195275*)*)(%struct.inode.195275* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %54 = bitcast {}** %53 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %55 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %62 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %41 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %41, i64 0, i32 5 %43 = bitcast %struct.nfs4_state.215561** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.195275** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %54, align 1 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %47 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %63 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %36 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %36, i64 0, i32 5 %38 = bitcast %struct.nfs4_state.215561** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.195275** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %49, align 1 %50 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %51 = load %struct.super_block.195272*, %struct.super_block.195272** %50, align 8 %52 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215528** %54 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %53, align 32 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %54, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.195275* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca [16 x %struct.page.195245*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.195245*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message.196909* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %46 = bitcast %struct.rpc_clnt.196924** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_xprt.196914** %47 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %51 = bitcast %struct.rpc_call_ops.196910** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %53 = bitcast i8** %52 to %struct.nfs4_call_sync_data** %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %57 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 18 %58 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %57, i64 0, i32 0, i32 0 %59 = getelementptr inbounds i64, i64* %17, i64 19 %60 = bitcast %struct.spinlock* %57 to i8* %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %62 %63 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %64 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.215528** %66 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %65, align 32 store i64* %18, i64** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page.195245** %22, %struct.page.195245*** %21, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 33), %struct.rpc_procinfo.196908** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %165, label %67 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %66, i64 0, i32 9 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, 8 %71 = icmp eq i32 %70, 0 %72 = or i1 %71, %34 %73 = select i1 %71, i32 -95, i32 -34 br i1 %72, label %165, label %74 %75 = phi i32 [ %98, %87 ], [ 0, %67 ] %76 = phi %struct.page.195245** [ %97, %87 ], [ %22, %67 ] %77 = phi i64 [ %96, %87 ], [ %2, %67 ] %78 = phi i8* [ %95, %87 ], [ %1, %67 ] %79 = icmp ult i64 %77, 4096 %80 = select i1 %79, i64 %77, i64 4096 %81 = call %struct.page.195245* bitcast (%struct.page.112623* (i32, i32)* @alloc_pages_current to %struct.page.195245* (i32, i32)*)(i32 3264, i32 0) #69 %82 = icmp eq %struct.page.195245* %81, null br i1 %82, label %83, label %87 %84 = icmp sgt i32 %75, 0 br i1 %84, label %85, label %165 %86 = zext i32 %75 to i64 br label %100 %101 = phi i64 [ %86, %85 ], [ %108, %100 ] %102 = phi i32 [ %75, %85 ], [ %103, %100 ] %103 = add nsw i32 %102, -1 %104 = zext i32 %103 to i64 %105 = getelementptr [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 %104 %106 = load %struct.page.195245*, %struct.page.195245** %105, align 8 call void bitcast (void (%struct.page.124433*, i32)* @__free_pages to void (%struct.page.195245*, i32)*)(%struct.page.195245* %106, i32 0) #69 %107 = icmp sgt i64 %101, 1 %108 = add nsw i64 %101, -1 br i1 %107, label %100, label %165 %166 = phi i32 [ %135, %162 ], [ -22, %62 ], [ %73, %67 ], [ %98, %109 ], [ -12, %83 ], [ -12, %100 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %189 [label %167], !srcloc !8 switch i32 %166, label %190 [ i32 -10039, label %199 i32 -10041, label %199 ] %191 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %192 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %191, i64 0, i32 28 %193 = bitcast i8** %192 to %struct.nfs_server.215528** %194 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %193, align 32 %195 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %194, i32 %166, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %106 = phi i32 [ %95, %103 ], [ -12, %68 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %107)) #6 to label %129 [label %107], !srcloc !4 %130 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %131 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %130, i64 0, i32 28 %132 = bitcast i8** %131 to %struct.nfs_server.215528** %133 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %132, align 32 %134 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %133, i32 %106, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.195245*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page.195245** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 1 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page.195245* %2, %struct.page.195245** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %98 [label %76], !srcloc !4 %99 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %100 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.215528** %102 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %101, align 32 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %102, i32 %75, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_match_stateid 1 nfs_async_inode_return_delegation 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %80 %81 = phi i32 [ 0, %58 ], [ %79, %78 ] %82 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %81, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 %44 = icmp eq %struct.inode.195275* %9, null br i1 %44, label %57, label %45 %46 = tail call i32 bitcast (i32 (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_async_inode_return_delegation to i32 (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* %37) #69 Function:nfs_async_inode_return_delegation %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %35, label %15 %16 = icmp eq %struct.nfs4_stateid_struct* %1, null br i1 %16, label %24, label %17 %18 = getelementptr inbounds %struct.nfs_client.220386, %struct.nfs_client.220386* %9, i64 0, i32 30 %19 = load %struct.nfs4_minor_version_ops.220382*, %struct.nfs4_minor_version_ops.220382** %18, align 8 %20 = getelementptr inbounds %struct.nfs4_minor_version_ops.220382, %struct.nfs4_minor_version_ops.220382* %19, i64 0, i32 4 %21 = load i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)*, i1 (%struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct*)** %20, align 8 %22 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3 %23 = tail call zeroext i1 %21(%struct.nfs4_stateid_struct* %22, %struct.nfs4_stateid_struct* nonnull %1) #69 Function:nfs4_match_stateid %3 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 4 %5 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 4 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %13 %9 = bitcast %struct.nfs4_stateid_struct* %0 to i8* %10 = bitcast %struct.nfs4_stateid_struct* %1 to i8* %11 = tail call i32 @bcmp(i8* dereferenceable(16) %9, i8* dereferenceable(16) %10, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.215549** %6 = load %struct.nfs_unlinkdata.215549*, %struct.nfs_unlinkdata.215549** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %7, align 8 %9 = icmp eq %struct.nfs4_slot.215544* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.215552** %7 = load %struct.nfs_renamedata.215552*, %struct.nfs_renamedata.215552** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %8, align 8 %10 = icmp eq %struct.nfs4_slot.215544* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %51 = load %struct.inode.195275*, %struct.inode.195275** %50, align 8 call void bitcast (void (%struct.inode.197661*)* @nfs_invalidate_atime to void (%struct.inode.195275*)*)(%struct.inode.195275* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %54 = bitcast {}** %53 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %55 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %62 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %41 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %41, i64 0, i32 5 %43 = bitcast %struct.nfs4_state.215561** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.195275** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %54, align 1 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %47 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %63 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %36 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %36, i64 0, i32 5 %38 = bitcast %struct.nfs4_state.215561** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.195275** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %49, align 1 %50 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %51 = load %struct.super_block.195272*, %struct.super_block.195272** %50, align 8 %52 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215528** %54 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %53, align 32 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %54, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.195275* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca [16 x %struct.page.195245*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.195245*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message.196909* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %46 = bitcast %struct.rpc_clnt.196924** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_xprt.196914** %47 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %51 = bitcast %struct.rpc_call_ops.196910** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %53 = bitcast i8** %52 to %struct.nfs4_call_sync_data** %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %57 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 18 %58 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %57, i64 0, i32 0, i32 0 %59 = getelementptr inbounds i64, i64* %17, i64 19 %60 = bitcast %struct.spinlock* %57 to i8* %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %62 %63 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %64 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.215528** %66 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %65, align 32 store i64* %18, i64** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page.195245** %22, %struct.page.195245*** %21, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 33), %struct.rpc_procinfo.196908** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %165, label %67 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %66, i64 0, i32 9 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, 8 %71 = icmp eq i32 %70, 0 %72 = or i1 %71, %34 %73 = select i1 %71, i32 -95, i32 -34 br i1 %72, label %165, label %74 %75 = phi i32 [ %98, %87 ], [ 0, %67 ] %76 = phi %struct.page.195245** [ %97, %87 ], [ %22, %67 ] %77 = phi i64 [ %96, %87 ], [ %2, %67 ] %78 = phi i8* [ %95, %87 ], [ %1, %67 ] %79 = icmp ult i64 %77, 4096 %80 = select i1 %79, i64 %77, i64 4096 %81 = call %struct.page.195245* bitcast (%struct.page.112623* (i32, i32)* @alloc_pages_current to %struct.page.195245* (i32, i32)*)(i32 3264, i32 0) #69 %82 = icmp eq %struct.page.195245* %81, null br i1 %82, label %83, label %87 %84 = icmp sgt i32 %75, 0 br i1 %84, label %85, label %165 %86 = zext i32 %75 to i64 br label %100 %101 = phi i64 [ %86, %85 ], [ %108, %100 ] %102 = phi i32 [ %75, %85 ], [ %103, %100 ] %103 = add nsw i32 %102, -1 %104 = zext i32 %103 to i64 %105 = getelementptr [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 %104 %106 = load %struct.page.195245*, %struct.page.195245** %105, align 8 call void bitcast (void (%struct.page.124433*, i32)* @__free_pages to void (%struct.page.195245*, i32)*)(%struct.page.195245* %106, i32 0) #69 %107 = icmp sgt i64 %101, 1 %108 = add nsw i64 %101, -1 br i1 %107, label %100, label %165 %166 = phi i32 [ %135, %162 ], [ -22, %62 ], [ %73, %67 ], [ %98, %109 ], [ -12, %83 ], [ -12, %100 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %189 [label %167], !srcloc !8 switch i32 %166, label %190 [ i32 -10039, label %199 i32 -10041, label %199 ] %191 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %192 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %191, i64 0, i32 28 %193 = bitcast i8** %192 to %struct.nfs_server.215528** %194 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %193, align 32 %195 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %194, i32 %166, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %106 = phi i32 [ %95, %103 ], [ -12, %68 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %107)) #6 to label %129 [label %107], !srcloc !4 %130 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %131 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %130, i64 0, i32 28 %132 = bitcast i8** %131 to %struct.nfs_server.215528** %133 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %132, align 32 %134 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %133, i32 %106, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.195245*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page.195245** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 1 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page.195245* %2, %struct.page.195245** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %98 [label %76], !srcloc !4 %99 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %100 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.215528** %102 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %101, align 32 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %102, i32 %75, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %80 %81 = phi i32 [ 0, %58 ], [ %79, %78 ] %82 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %81, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.215549** %6 = load %struct.nfs_unlinkdata.215549*, %struct.nfs_unlinkdata.215549** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %7, align 8 %9 = icmp eq %struct.nfs4_slot.215544* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.215552** %7 = load %struct.nfs_renamedata.215552*, %struct.nfs_renamedata.215552** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %8, align 8 %10 = icmp eq %struct.nfs4_slot.215544* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %51 = load %struct.inode.195275*, %struct.inode.195275** %50, align 8 call void bitcast (void (%struct.inode.197661*)* @nfs_invalidate_atime to void (%struct.inode.195275*)*)(%struct.inode.195275* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %54 = bitcast {}** %53 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %55 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %62 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %41 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %41, i64 0, i32 5 %43 = bitcast %struct.nfs4_state.215561** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.195275** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %54, align 1 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %47 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %63 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %36 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %36, i64 0, i32 5 %38 = bitcast %struct.nfs4_state.215561** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.195275** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %49, align 1 %50 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %51 = load %struct.super_block.195272*, %struct.super_block.195272** %50, align 8 %52 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215528** %54 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %53, align 32 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %54, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.195275* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca [16 x %struct.page.195245*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.195245*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message.196909* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %46 = bitcast %struct.rpc_clnt.196924** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_xprt.196914** %47 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %51 = bitcast %struct.rpc_call_ops.196910** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %53 = bitcast i8** %52 to %struct.nfs4_call_sync_data** %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %57 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 18 %58 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %57, i64 0, i32 0, i32 0 %59 = getelementptr inbounds i64, i64* %17, i64 19 %60 = bitcast %struct.spinlock* %57 to i8* %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %62 %63 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %64 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.215528** %66 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %65, align 32 store i64* %18, i64** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page.195245** %22, %struct.page.195245*** %21, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 33), %struct.rpc_procinfo.196908** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %165, label %67 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %66, i64 0, i32 9 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, 8 %71 = icmp eq i32 %70, 0 %72 = or i1 %71, %34 %73 = select i1 %71, i32 -95, i32 -34 br i1 %72, label %165, label %74 %75 = phi i32 [ %98, %87 ], [ 0, %67 ] %76 = phi %struct.page.195245** [ %97, %87 ], [ %22, %67 ] %77 = phi i64 [ %96, %87 ], [ %2, %67 ] %78 = phi i8* [ %95, %87 ], [ %1, %67 ] %79 = icmp ult i64 %77, 4096 %80 = select i1 %79, i64 %77, i64 4096 %81 = call %struct.page.195245* bitcast (%struct.page.112623* (i32, i32)* @alloc_pages_current to %struct.page.195245* (i32, i32)*)(i32 3264, i32 0) #69 %82 = icmp eq %struct.page.195245* %81, null br i1 %82, label %83, label %87 %84 = icmp sgt i32 %75, 0 br i1 %84, label %85, label %165 %86 = zext i32 %75 to i64 br label %100 %101 = phi i64 [ %86, %85 ], [ %108, %100 ] %102 = phi i32 [ %75, %85 ], [ %103, %100 ] %103 = add nsw i32 %102, -1 %104 = zext i32 %103 to i64 %105 = getelementptr [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 %104 %106 = load %struct.page.195245*, %struct.page.195245** %105, align 8 call void bitcast (void (%struct.page.124433*, i32)* @__free_pages to void (%struct.page.195245*, i32)*)(%struct.page.195245* %106, i32 0) #69 %107 = icmp sgt i64 %101, 1 %108 = add nsw i64 %101, -1 br i1 %107, label %100, label %165 %166 = phi i32 [ %135, %162 ], [ -22, %62 ], [ %73, %67 ], [ %98, %109 ], [ -12, %83 ], [ -12, %100 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %189 [label %167], !srcloc !8 switch i32 %166, label %190 [ i32 -10039, label %199 i32 -10041, label %199 ] %191 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %192 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %191, i64 0, i32 28 %193 = bitcast i8** %192 to %struct.nfs_server.215528** %194 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %193, align 32 %195 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %194, i32 %166, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %106 = phi i32 [ %95, %103 ], [ -12, %68 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %107)) #6 to label %129 [label %107], !srcloc !4 %130 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %131 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %130, i64 0, i32 28 %132 = bitcast i8** %131 to %struct.nfs_server.215528** %133 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %132, align 32 %134 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %133, i32 %106, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.195245*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page.195245** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 1 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page.195245* %2, %struct.page.195245** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %98 [label %76], !srcloc !4 %99 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %100 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.215528** %102 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %101, align 32 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %102, i32 %75, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %80 %81 = phi i32 [ 0, %58 ], [ %79, %78 ] %82 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %81, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.215549** %6 = load %struct.nfs_unlinkdata.215549*, %struct.nfs_unlinkdata.215549** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %7, align 8 %9 = icmp eq %struct.nfs4_slot.215544* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.215552** %7 = load %struct.nfs_renamedata.215552*, %struct.nfs_renamedata.215552** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %8, align 8 %10 = icmp eq %struct.nfs4_slot.215544* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_read_done_cb 4 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %51 = load %struct.inode.195275*, %struct.inode.195275** %50, align 8 call void bitcast (void (%struct.inode.197661*)* @nfs_invalidate_atime to void (%struct.inode.195275*)*)(%struct.inode.195275* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %54 = bitcast {}** %53 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %55 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %62 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %41 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %41, i64 0, i32 5 %43 = bitcast %struct.nfs4_state.215561** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.195275** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %54, align 1 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_async_handle_exception 3 nfs4_write_done_cb 4 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %47 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %63 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %36 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %36, i64 0, i32 5 %38 = bitcast %struct.nfs4_state.215561** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.195275** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %49, align 1 %50 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %51 = load %struct.super_block.195272*, %struct.super_block.195272** %50, align 8 %52 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215528** %54 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %53, align 32 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %54, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_set_acl 4 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.195275* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca [16 x %struct.page.195245*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.195245*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message.196909* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %46 = bitcast %struct.rpc_clnt.196924** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_xprt.196914** %47 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %51 = bitcast %struct.rpc_call_ops.196910** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %53 = bitcast i8** %52 to %struct.nfs4_call_sync_data** %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %57 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 18 %58 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %57, i64 0, i32 0, i32 0 %59 = getelementptr inbounds i64, i64* %17, i64 19 %60 = bitcast %struct.spinlock* %57 to i8* %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %62 %63 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %64 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.215528** %66 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %65, align 32 store i64* %18, i64** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page.195245** %22, %struct.page.195245*** %21, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 33), %struct.rpc_procinfo.196908** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %165, label %67 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %66, i64 0, i32 9 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, 8 %71 = icmp eq i32 %70, 0 %72 = or i1 %71, %34 %73 = select i1 %71, i32 -95, i32 -34 br i1 %72, label %165, label %74 %75 = phi i32 [ %98, %87 ], [ 0, %67 ] %76 = phi %struct.page.195245** [ %97, %87 ], [ %22, %67 ] %77 = phi i64 [ %96, %87 ], [ %2, %67 ] %78 = phi i8* [ %95, %87 ], [ %1, %67 ] %79 = icmp ult i64 %77, 4096 %80 = select i1 %79, i64 %77, i64 4096 %81 = call %struct.page.195245* bitcast (%struct.page.112623* (i32, i32)* @alloc_pages_current to %struct.page.195245* (i32, i32)*)(i32 3264, i32 0) #69 %82 = icmp eq %struct.page.195245* %81, null br i1 %82, label %83, label %87 %84 = icmp sgt i32 %75, 0 br i1 %84, label %85, label %165 %86 = zext i32 %75 to i64 br label %100 %101 = phi i64 [ %86, %85 ], [ %108, %100 ] %102 = phi i32 [ %75, %85 ], [ %103, %100 ] %103 = add nsw i32 %102, -1 %104 = zext i32 %103 to i64 %105 = getelementptr [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 %104 %106 = load %struct.page.195245*, %struct.page.195245** %105, align 8 call void bitcast (void (%struct.page.124433*, i32)* @__free_pages to void (%struct.page.195245*, i32)*)(%struct.page.195245* %106, i32 0) #69 %107 = icmp sgt i64 %101, 1 %108 = add nsw i64 %101, -1 br i1 %107, label %100, label %165 %166 = phi i32 [ %135, %162 ], [ -22, %62 ], [ %73, %67 ], [ %98, %109 ], [ -12, %83 ], [ -12, %100 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %189 [label %167], !srcloc !8 switch i32 %166, label %190 [ i32 -10039, label %199 i32 -10041, label %199 ] %191 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %192 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %191, i64 0, i32 28 %193 = bitcast i8** %192 to %struct.nfs_server.215528** %194 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %193, align 32 %195 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %194, i32 %166, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %106 = phi i32 [ %95, %103 ], [ -12, %68 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %107)) #6 to label %129 [label %107], !srcloc !4 %130 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %131 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %130, i64 0, i32 28 %132 = bitcast i8** %131 to %struct.nfs_server.215528** %133 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %132, align 32 %134 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %133, i32 %106, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.195245*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page.195245** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 1 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page.195245* %2, %struct.page.195245** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %98 [label %76], !srcloc !4 %99 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %100 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.215528** %102 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %101, align 32 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %102, i32 %75, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_state_and_recover 1 nfs4_do_handle_exception 2 nfs4_handle_exception 3 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %80 %81 = phi i32 [ 0, %58 ], [ %79, %78 ] %82 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %81, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_unlink_done ------------- Path:  Function:nfs4_proc_unlink_done %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %5 = bitcast i8** %4 to %struct.nfs_unlinkdata.215549** %6 = load %struct.nfs_unlinkdata.215549*, %struct.nfs_unlinkdata.215549** %5, align 8 %7 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 0, i32 0 %8 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %7, align 8 %9 = icmp eq %struct.nfs4_slot.215544* %8, null br i1 %9, label %19, label %10 %20 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 1, i32 1 %21 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %20, align 8 %22 = getelementptr inbounds %struct.nfs_unlinkdata.215549, %struct.nfs_unlinkdata.215549* %6, i64 0, i32 6 %23 = bitcast %struct.nfs4_exception* %3 to i8* %24 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %25 = bitcast %struct.nfs4_exception* %3 to i8* %26 = load i32, i32* %24, align 4 %27 = icmp sgt i32 %26, -1 br i1 %27, label %49, label %28 %29 = icmp ne i64* %22, null br i1 %29, label %30, label %33 %31 = load i64, i64* %22, align 8 %32 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 %31, i64* %32, align 8 br label %33 %34 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %21, i32 %26, %struct.nfs4_exception* nonnull %3) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_proc_rename_done ------------- Path:  Function:nfs4_proc_rename_done %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 11 %6 = bitcast i8** %5 to %struct.nfs_renamedata.215552** %7 = load %struct.nfs_renamedata.215552*, %struct.nfs_renamedata.215552** %6, align 8 %8 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 0, i32 0 %9 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %8, align 8 %10 = icmp eq %struct.nfs4_slot.215544* %9, null br i1 %10, label %20, label %11 %21 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 1, i32 1 %22 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %21, align 8 %23 = getelementptr inbounds %struct.nfs_renamedata.215552, %struct.nfs_renamedata.215552* %7, i64 0, i32 10 %24 = bitcast %struct.nfs4_exception* %4 to i8* %25 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %26 = bitcast %struct.nfs4_exception* %4 to i8* %27 = load i32, i32* %25, align 4 %28 = icmp sgt i32 %27, -1 br i1 %28, label %50, label %29 %30 = icmp ne i64* %23, null br i1 %30, label %31, label %34 %32 = load i64, i64* %23, align 8 %33 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 3 store i64 %32, i64* %33, align 8 br label %34 %35 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %22, i32 %27, %struct.nfs4_exception* nonnull %4) #69 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_read_done_cb 5 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 br label %44 %45 = load i32, i32* %17, align 4 br label %46 %47 = phi i32 [ %45, %44 ], [ %18, %16 ] %48 = icmp sgt i32 %47, 0 br i1 %48, label %49, label %52 %50 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %51 = load %struct.inode.195275*, %struct.inode.195275** %50, align 8 call void bitcast (void (%struct.inode.197661*)* @nfs_invalidate_atime to void (%struct.inode.195275*)*)(%struct.inode.195275* %51) #69 br label %52 %53 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %54 = bitcast {}** %53 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %55 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %54, align 8 %56 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %55, null br i1 %56, label %59, label %57 %60 = call i32 @nfs4_read_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_read_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %12 = load i32, i32* %11, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_read to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_read_done_cb, %13)) #6 to label %35 [label %13], !srcloc !4 %36 = load i32, i32* %11, align 4 %37 = icmp slt i32 %36, 0 br i1 %37, label %38, label %62 %39 = bitcast %struct.nfs4_exception* %3 to i8* %40 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %41 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %40, align 8 %42 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %41, i64 0, i32 5 %43 = bitcast %struct.nfs4_state.215561** %42 to i64* %44 = load i64, i64* %43, align 8 %45 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %44, i64* %45, align 8 %46 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %47 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %48 = load i64, i64* %47, align 8 %49 = bitcast %struct.inode.195275** %46 to i64* store i64 %48, i64* %49, align 8 %50 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %51 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %51, %struct.nfs4_stateid_struct** %50, align 8 %52 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %52, align 8 %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %53, align 8 %54 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %54, align 1 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %10, i32 %36, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_async_handle_exception 4 nfs4_write_done_cb 5 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 %29 = icmp eq i32 %28, -5 br i1 %29, label %30, label %31 %32 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4, i32 1 %33 = load i32, i32* %32, align 4 %34 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %3, i64 0, i32 1 %35 = load i32, i32* %34, align 4 %36 = icmp eq i32 %33, %35 br i1 %36, label %38, label %37 %39 = bitcast %struct.nfs4_stateid_struct* %20 to i8* %40 = call i32 @bcmp(i8* dereferenceable(16) %39, i8* nonnull dereferenceable(16) %25, i64 16) #6 %41 = icmp eq i32 %40, 0 br i1 %41, label %44, label %42 %45 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 23 %46 = bitcast {}** %45 to i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %47 = load i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)*, i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)** %46, align 8 %48 = icmp eq i32 (%struct.rpc_task.196911*, %struct.nfs_pgio_header.215580*)* %47, null br i1 %48, label %51, label %49 %52 = call i32 @nfs4_write_done_cb(%struct.rpc_task.196911* %0, %struct.nfs_pgio_header.215580* %1) #70 Function:nfs4_write_done_cb %3 = alloca %struct.nfs4_exception, align 8 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 0 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 %6 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %7 = load i32, i32* %6, align 4 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_write to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_write_done_cb, %8)) #6 to label %30 [label %8], !srcloc !4 %31 = load i32, i32* %6, align 4 %32 = icmp slt i32 %31, 0 br i1 %32, label %33, label %63 %34 = bitcast %struct.nfs4_exception* %3 to i8* %35 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %36 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %35, align 8 %37 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %36, i64 0, i32 5 %38 = bitcast %struct.nfs4_state.215561** %37 to i64* %39 = load i64, i64* %38, align 8 %40 = bitcast %struct.nfs4_exception* %3 to i64* store i64 %39, i64* %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 1 %42 = bitcast %struct.nfs_pgio_header.215580* %1 to i64* %43 = load i64, i64* %42, align 8 %44 = bitcast %struct.inode.195275** %41 to i64* store i64 %43, i64* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 2 %46 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 store %struct.nfs4_stateid_struct* %46, %struct.nfs4_stateid_struct** %45, align 8 %47 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 3 store i64 0, i64* %47, align 8 %48 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 4 store i8 0, i8* %48, align 8 %49 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 0, i8* %49, align 1 %50 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 8 %51 = load %struct.super_block.195272*, %struct.super_block.195272** %50, align 8 %52 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %51, i64 0, i32 28 %53 = bitcast i8** %52 to %struct.nfs_server.215528** %54 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %53, align 32 %55 = call fastcc i32 @nfs4_async_handle_exception(%struct.rpc_task.196911* %0, %struct.nfs_server.215528* %54, i32 %31, %struct.nfs4_exception* nonnull %3) #70 Function:nfs4_async_handle_exception %5 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %1, i64 0, i32 0 %6 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %5, align 8 %7 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %1, i32 %2, %struct.nfs4_exception* %3) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_set_acl 5 nfs4_xattr_set_nfs4_acl ------------- Path:  Function:nfs4_xattr_set_nfs4_acl %8 = tail call fastcc i32 @nfs4_proc_set_acl(%struct.inode.195275* %2, i8* %4, i64 %5) #69 Function:nfs4_proc_set_acl %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca [16 x %struct.page.195245*], align 16 %7 = alloca %struct.nfs_setaclargs, align 8 %8 = alloca %struct.nfs4_readlink_res, align 8 %9 = alloca %struct.rpc_message.196909, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = bitcast %struct.nfs4_exception* %10 to i8* %12 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %13 = bitcast [16 x %struct.page.195245*]* %6 to i8* %14 = bitcast %struct.nfs_setaclargs* %7 to i8* %15 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 1 %17 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %18 = getelementptr inbounds i64, i64* %17, i64 1 %19 = bitcast %struct.nfs_fh** %16 to i64** %20 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 2 %21 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 3 %22 = getelementptr inbounds [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 0 %23 = bitcast %struct.nfs4_readlink_res* %8 to i8* %24 = bitcast %struct.rpc_message.196909* %9 to i8* %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 0 %26 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 1 %27 = bitcast i8** %26 to %struct.nfs_setaclargs** %28 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 2 %29 = bitcast i8** %28 to %struct.nfs4_readlink_res** %30 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %9, i64 0, i32 3 %31 = add i64 %2, 4095 %32 = icmp eq i64 %2, 0 %33 = and i64 %31, 17592186040320 %34 = icmp ugt i64 %33, 65536 %35 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 0 %37 = getelementptr inbounds %struct.nfs_setaclargs, %struct.nfs_setaclargs* %7, i64 0, i32 0, i32 1 %38 = getelementptr inbounds %struct.nfs4_readlink_res, %struct.nfs4_readlink_res* %8, i64 0, i32 0, i32 0 %39 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %42 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %43 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %46 = bitcast %struct.rpc_clnt.196924** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %48 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %49 = bitcast %struct.rpc_xprt.196914** %47 to i8* %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %51 = bitcast %struct.rpc_call_ops.196910** %50 to i64* %52 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %53 = bitcast i8** %52 to %struct.nfs4_call_sync_data** %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %56 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %57 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 18 %58 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %57, i64 0, i32 0, i32 0 %59 = getelementptr inbounds i64, i64* %17, i64 19 %60 = bitcast %struct.spinlock* %57 to i8* %61 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 br label %62 %63 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %64 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %63, i64 0, i32 28 %65 = bitcast i8** %64 to %struct.nfs_server.215528** %66 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %65, align 32 store i64* %18, i64** %19, align 8 store i64 %2, i64* %20, align 8 store %struct.page.195245** %22, %struct.page.195245*** %21, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 33), %struct.rpc_procinfo.196908** %25, align 8 store %struct.nfs_setaclargs* %7, %struct.nfs_setaclargs** %27, align 8 store %struct.nfs4_readlink_res* %8, %struct.nfs4_readlink_res** %29, align 8 store %struct.cred* null, %struct.cred** %30, align 8 br i1 %32, label %165, label %67 %68 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %66, i64 0, i32 9 %69 = load i32, i32* %68, align 4 %70 = and i32 %69, 8 %71 = icmp eq i32 %70, 0 %72 = or i1 %71, %34 %73 = select i1 %71, i32 -95, i32 -34 br i1 %72, label %165, label %74 %75 = phi i32 [ %98, %87 ], [ 0, %67 ] %76 = phi %struct.page.195245** [ %97, %87 ], [ %22, %67 ] %77 = phi i64 [ %96, %87 ], [ %2, %67 ] %78 = phi i8* [ %95, %87 ], [ %1, %67 ] %79 = icmp ult i64 %77, 4096 %80 = select i1 %79, i64 %77, i64 4096 %81 = call %struct.page.195245* bitcast (%struct.page.112623* (i32, i32)* @alloc_pages_current to %struct.page.195245* (i32, i32)*)(i32 3264, i32 0) #69 %82 = icmp eq %struct.page.195245* %81, null br i1 %82, label %83, label %87 %84 = icmp sgt i32 %75, 0 br i1 %84, label %85, label %165 %86 = zext i32 %75 to i64 br label %100 %101 = phi i64 [ %86, %85 ], [ %108, %100 ] %102 = phi i32 [ %75, %85 ], [ %103, %100 ] %103 = add nsw i32 %102, -1 %104 = zext i32 %103 to i64 %105 = getelementptr [16 x %struct.page.195245*], [16 x %struct.page.195245*]* %6, i64 0, i64 %104 %106 = load %struct.page.195245*, %struct.page.195245** %105, align 8 call void bitcast (void (%struct.page.124433*, i32)* @__free_pages to void (%struct.page.195245*, i32)*)(%struct.page.195245* %106, i32 0) #69 %107 = icmp sgt i64 %101, 1 %108 = add nsw i64 %101, -1 br i1 %107, label %100, label %165 %166 = phi i32 [ %135, %162 ], [ -22, %62 ], [ %73, %67 ], [ %98, %109 ], [ -12, %83 ], [ -12, %100 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_set_acl to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_set_acl, %167)) #6 to label %189 [label %167], !srcloc !8 switch i32 %166, label %190 [ i32 -10039, label %199 i32 -10041, label %199 ] %191 = load %struct.super_block.195272*, %struct.super_block.195272** %12, align 8 %192 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %191, i64 0, i32 28 %193 = bitcast i8** %192 to %struct.nfs_server.215528** %194 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %193, align 32 %195 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %194, i32 %166, %struct.nfs4_exception* nonnull %10) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_access ------------- Path:  Function:nfs4_proc_access %3 = alloca %struct.nfs4_call_sync_data, align 8 %4 = alloca %struct.rpc_task_setup.196956, align 8 %5 = alloca %struct.nfs4_accessargs, align 8 %6 = alloca %struct.nfs4_accessres, align 8 %7 = alloca %struct.rpc_message.196909, align 8 %8 = alloca %struct.nfs4_exception, align 8 %9 = bitcast %struct.nfs4_exception* %8 to i8* %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 5 store i8 1, i8* %10, align 1 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = bitcast %struct.nfs4_accessargs* %5 to i8* %13 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0 %14 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 1 %15 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %16 = getelementptr inbounds i64, i64* %15, i64 1 %17 = bitcast %struct.nfs_fh** %14 to i64** %18 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 2 %19 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 3 %20 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 3 %21 = bitcast %struct.nfs4_accessres* %6 to i8* %22 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 1 %23 = bitcast %struct.rpc_message.196909* %7 to i8* %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 0 %25 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 1 %26 = bitcast i8** %25 to %struct.nfs4_accessargs** %27 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 2 %28 = bitcast i8** %27 to %struct.nfs4_accessres** %29 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %7, i64 0, i32 3 %30 = getelementptr inbounds %struct.nfs_access_entry, %struct.nfs_access_entry* %1, i64 0, i32 2 %31 = bitcast %struct.cred** %30 to i64* %32 = bitcast %struct.cred** %29 to i64* %33 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 2 %34 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0 %35 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_accessargs, %struct.nfs4_accessargs* %5, i64 0, i32 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 0, i32 0 %38 = bitcast %struct.nfs4_call_sync_data* %3 to i8* %39 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 0 %40 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 1 %41 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %3, i64 0, i32 2 %42 = bitcast %struct.rpc_task_setup.196956* %4 to i8* %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 0 %44 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 1 %45 = bitcast %struct.rpc_clnt.196924** %44 to i64* %46 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 2 %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 4 %48 = bitcast %struct.rpc_xprt.196914** %46 to i8* %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 5 %50 = bitcast %struct.rpc_call_ops.196910** %49 to i64* %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 6 %52 = bitcast i8** %51 to %struct.nfs4_call_sync_data** %53 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 7 %54 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 8 %55 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %4, i64 0, i32 9 %56 = getelementptr inbounds %struct.nfs4_accessres, %struct.nfs4_accessres* %6, i64 0, i32 4 %57 = bitcast %struct.nfs_fattr** %33 to i8** %58 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %8, i64 0, i32 4 br label %59 %60 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %61 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %60, i64 0, i32 28 %62 = bitcast i8** %61 to %struct.nfs_server.215528** %63 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %62, align 32 store i64* %16, i64** %17, align 8 store i32* null, i32** %18, align 8 %64 = load i32, i32* %20, align 8 store i32 %64, i32* %19, align 8 store %struct.nfs_server.215528* %63, %struct.nfs_server.215528** %22, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 17), %struct.rpc_procinfo.196908** %24, align 8 store %struct.nfs4_accessargs* %5, %struct.nfs4_accessargs** %26, align 8 store %struct.nfs4_accessres* %6, %struct.nfs4_accessres** %28, align 8 %65 = load i64, i64* %31, align 8 store i64 %65, i64* %32, align 8 %66 = call i32 bitcast (i32 (%struct.inode.220272*, i32)* @nfs4_have_delegation to i32 (%struct.inode.195275*, i32)*)(%struct.inode.195275* %0, i32 1) #69 %67 = icmp eq i32 %66, 0 br i1 %67, label %68, label %73 %69 = call %struct.nfs_fattr* @nfs_alloc_fattr() #69 store %struct.nfs_fattr* %69, %struct.nfs_fattr** %33, align 8 %70 = icmp eq %struct.nfs_fattr* %69, null br i1 %70, label %105, label %71 %106 = phi i32 [ %95, %103 ], [ -12, %68 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_access to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_access, %107)) #6 to label %129 [label %107], !srcloc !4 %130 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %131 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %130, i64 0, i32 28 %132 = bitcast i8** %131 to %struct.nfs_server.215528** %133 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %132, align 32 %134 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %133, i32 %106, %struct.nfs4_exception* nonnull %8) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_symlink ------------- Path:  Function:nfs4_proc_symlink %6 = alloca %struct.page.195245*, align 8 %7 = alloca %struct.nfs4_exception, align 8 %8 = bitcast %struct.nfs4_exception* %7 to i8* %9 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 5 store i8 1, i8* %9, align 1 %10 = bitcast %struct.page.195245** %6 to i8* %11 = icmp ugt i32 %3, 4096 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %13 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %14 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %15 = getelementptr inbounds i64, i64* %14, i64 1 %16 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %7, i64 0, i32 4 br label %17 store %struct.page.195245* %2, %struct.page.195245** %6, align 8 br i1 %11, label %74, label %18 %75 = phi i32 [ -36, %17 ], [ %73, %22 ], [ -12, %18 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs4_symlink to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs4_proc_symlink, %76)) #6 to label %98 [label %76], !srcloc !4 %99 = load %struct.super_block.195272*, %struct.super_block.195272** %13, align 8 %100 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %99, i64 0, i32 28 %101 = bitcast i8** %100 to %struct.nfs_server.215528** %102 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %101, align 32 %103 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %102, i32 %75, %struct.nfs4_exception* nonnull %7) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 nfs_inode_find_delegation_state_and_recover 1 nfs_inode_find_state_and_recover 2 nfs4_do_handle_exception 3 nfs4_handle_exception 4 nfs4_proc_pathconf ------------- Path:  Function:nfs4_proc_pathconf %4 = alloca %struct.nfs4_call_sync_data, align 8 %5 = alloca %struct.rpc_task_setup.196956, align 8 %6 = alloca %struct.nfs4_server_caps_arg, align 8 %7 = alloca %struct.nfs4_pathconf_res, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.nfs4_exception, align 8 %10 = bitcast %struct.nfs4_exception* %9 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = bitcast %struct.nfs4_server_caps_arg* %6 to i8* %13 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 1 %14 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 2 %15 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 33, i64 0 %16 = bitcast %struct.nfs4_pathconf_res* %7 to i8* %17 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 1 %18 = bitcast %struct.rpc_message.196909* %8 to i8* %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 %20 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %21 = bitcast i8** %20 to %struct.nfs4_server_caps_arg** %22 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %23 = bitcast i8** %22 to %struct.nfs4_pathconf_res** %24 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 %25 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0 %26 = getelementptr inbounds %struct.nfs_pathconf, %struct.nfs_pathconf* %2, i64 0, i32 0 %27 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 3 %28 = bitcast %struct.rpc_clnt.196924** %27 to i64* %29 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0 %30 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 0 %31 = getelementptr inbounds %struct.nfs4_server_caps_arg, %struct.nfs4_server_caps_arg* %6, i64 0, i32 0, i32 1 %32 = getelementptr inbounds %struct.nfs4_pathconf_res, %struct.nfs4_pathconf_res* %7, i64 0, i32 0, i32 0 %33 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %34 = bitcast %struct.nfs4_call_sync_data* %4 to i8* %35 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 0 %36 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 1 %37 = getelementptr inbounds %struct.nfs4_call_sync_data, %struct.nfs4_call_sync_data* %4, i64 0, i32 2 %38 = bitcast %struct.rpc_task_setup.196956* %5 to i8* %39 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 0 %40 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 1 %41 = bitcast %struct.rpc_clnt.196924** %40 to i64* %42 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 2 %43 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 4 %44 = bitcast %struct.rpc_xprt.196914** %42 to i8* %45 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 5 %46 = bitcast %struct.rpc_call_ops.196910** %45 to i64* %47 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 6 %48 = bitcast i8** %47 to %struct.nfs4_call_sync_data** %49 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 7 %50 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 8 %51 = getelementptr inbounds %struct.rpc_task_setup.196956, %struct.rpc_task_setup.196956* %5, i64 0, i32 9 %52 = bitcast %struct.nfs_pathconf* %2 to i8* %53 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %9, i64 0, i32 4 br label %54 store %struct.nfs_fh* %1, %struct.nfs_fh** %13, align 8 store i32* %15, i32** %14, align 8 store %struct.nfs_pathconf* %2, %struct.nfs_pathconf** %17, align 8 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 26), %struct.rpc_procinfo.196908** %19, align 8 store %struct.nfs4_server_caps_arg* %6, %struct.nfs4_server_caps_arg** %21, align 8 store %struct.nfs4_pathconf_res* %7, %struct.nfs4_pathconf_res** %23, align 8 store %struct.cred* null, %struct.cred** %24, align 8 %55 = load i32, i32* %15, align 4 %56 = and i32 %55, 805306368 %57 = icmp eq i32 %56, 0 br i1 %57, label %58, label %59 br label %80 %81 = phi i32 [ 0, %58 ], [ %79, %78 ] %82 = call i32 @nfs4_handle_exception(%struct.nfs_server.215528* %0, i32 %81, %struct.nfs4_exception* nonnull %9) #70 Function:nfs4_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = tail call fastcc i32 @nfs4_do_handle_exception(%struct.nfs_server.215528* %0, i32 %1, %struct.nfs4_exception* %2) #69 Function:nfs4_do_handle_exception %4 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %0, i64 0, i32 0 %5 = load %struct.nfs_client.215594*, %struct.nfs_client.215594** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 0 %7 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %6, align 8 %8 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 1 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 4 %11 = load i8, i8* %10, align 8 %12 = and i8 %11, -15 store i8 %12, i8* %10, align 8 %13 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %2, i64 0, i32 2 %14 = load %struct.nfs4_stateid_struct*, %struct.nfs4_stateid_struct** %13, align 8 %15 = icmp eq %struct.nfs4_stateid_struct* %14, null br i1 %15, label %22, label %16 %23 = phi %struct.nfs4_stateid_struct* [ null, %3 ], [ %21, %16 ] %24 = icmp eq %struct.nfs4_stateid_struct* %23, null %25 = icmp ne %struct.nfs4_state.215561* %7, null %26 = and i1 %25, %24 br i1 %26, label %27, label %36 %28 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8 %29 = icmp eq %struct.nfs4_stateid_struct* %28, null br i1 %29, label %36, label %30 %31 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %7, i64 0, i32 8, i32 1 %32 = load i32, i32* %31, align 4 %33 = add i32 %32, -2 %34 = icmp ult i32 %33, 3 %35 = select i1 %34, %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct* null br label %36 %37 = phi %struct.nfs4_stateid_struct* [ %23, %22 ], [ null, %27 ], [ %35, %30 ] switch i32 %1, label %94 [ i32 0, label %108 i32 -10041, label %81 i32 -10039, label %81 i32 -10087, label %38 i32 -10047, label %38 i32 -10011, label %38 i32 -10025, label %38 i32 -10038, label %43 i32 -10023, label %62 i32 -10022, label %62 i32 -10019, label %63 i32 -10031, label %66 i32 -10046, label %67 i32 -10008, label %71 i32 -10013, label %76 i32 -10058, label %76 i32 -10061, label %76 i32 -10068, label %79 i32 -10024, label %79 ] %39 = icmp ne %struct.inode.195275* %9, null %40 = icmp ne %struct.nfs4_stateid_struct* %37, null %41 = and i1 %39, %40 br i1 %41, label %42, label %43 tail call void @nfs_inode_find_state_and_recover(%struct.inode.195275* nonnull %9, %struct.nfs4_stateid_struct* nonnull %37) #69 Function:nfs_inode_find_state_and_recover %3 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %4 = load %struct.super_block.195272*, %struct.super_block.195272** %3, align 8 %5 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.217143** %7 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %7, i64 0, i32 0 %9 = load %struct.nfs_client.217218*, %struct.nfs_client.217218** %8, align 8 %10 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds i64, i64* %10, i64 36 %12 = bitcast i64* %11 to %struct.list_head* %13 = load volatile i64, i64* %11, align 8 %14 = inttoptr i64 %13 to %struct.list_head* %15 = icmp eq %struct.list_head* %12, %14 br i1 %15, label %106, label %16 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = getelementptr inbounds %struct.nfs_client.217218, %struct.nfs_client.217218* %9, i64 0, i32 21 %19 = bitcast i64* %18 to i8* br label %20 %21 = phi i64 [ %13, %16 ], [ %103, %100 ] %22 = phi i8 [ 0, %16 ], [ %101, %100 ] %23 = inttoptr i64 %21 to i8* %24 = getelementptr i8, i8* %23, i64 -32 %25 = bitcast i8* %24 to %struct.nfs4_state.217176** %26 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %25, align 8 %27 = icmp eq %struct.nfs4_state.217176* %26, null br i1 %27, label %100, label %28 %29 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 8, i32 0, i32 0, i32 1, i64 0 %30 = tail call i32 @bcmp(i8* dereferenceable(12) %29, i8* dereferenceable(12) %17, i64 12) #6 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %43 %33 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %34 = load volatile i64, i64* %33, align 8 %35 = and i64 %34, 512 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %43 %44 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 9, i32 0, i32 0, i32 1, i64 0 %45 = tail call i32 @bcmp(i8* dereferenceable(12) %44, i8* dereferenceable(12) %17, i64 12) #6 %46 = icmp eq i32 %45, 0 br i1 %46, label %47, label %58 %48 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %49 = load volatile i64, i64* %48, align 8 %50 = and i64 %49, 512 %51 = icmp eq i64 %50, 0 br i1 %51, label %52, label %58 %59 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 5 %60 = load volatile i64, i64* %59, align 8 %61 = and i64 %60, 1 %62 = icmp eq i64 %61, 0 br i1 %62, label %100, label %63 %64 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 6 %65 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %64, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %65) #69 %66 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %26, i64 0, i32 2 %67 = bitcast %struct.list_head* %66 to %struct.nfs4_lock_state.217206** %68 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %67, align 8 %69 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %68, i64 0, i32 0 %70 = icmp eq %struct.list_head* %69, %66 br i1 %70, label %86, label %71 %72 = phi %struct.nfs4_lock_state.217206* [ %83, %81 ], [ %68, %63 ] %73 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 2 %74 = load volatile i64, i64* %73, align 8 %75 = and i64 %74, 1 %76 = icmp eq i64 %75, 0 br i1 %76, label %81, label %77 %78 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %72, i64 0, i32 4, i32 0, i32 0, i32 1, i64 0 %79 = tail call i32 @bcmp(i8* dereferenceable(12) %78, i8* dereferenceable(12) %17, i64 12) #6 %80 = icmp eq i32 %79, 0 br i1 %80, label %86, label %81 %87 = phi %struct.nfs4_lock_state.217206* [ null, %63 ], [ null, %81 ], [ %72, %77 ] %88 = icmp eq %struct.nfs4_lock_state.217206* %87, null tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %89 = bitcast %struct.spinlock* %64 to i8* store volatile i8 0, i8* %89, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 br i1 %88, label %100, label %90 %101 = phi i8 [ %22, %20 ], [ %22, %86 ], [ 1, %37 ], [ 1, %52 ], [ 1, %94 ], [ %22, %90 ], [ %22, %58 ] %102 = inttoptr i64 %21 to i64* %103 = load volatile i64, i64* %102, align 8 %104 = inttoptr i64 %103 to %struct.list_head* %105 = icmp eq %struct.list_head* %12, %104 br i1 %105, label %106, label %20 %107 = phi i8 [ 0, %2 ], [ %101, %100 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void bitcast (void (%struct.inode.220272*, %struct.nfs4_stateid_struct*)* @nfs_inode_find_delegation_state_and_recover to void (%struct.inode.195275*, %struct.nfs4_stateid_struct*)*)(%struct.inode.195275* %0, %struct.nfs4_stateid_struct* %1) #69 Function:nfs_inode_find_delegation_state_and_recover %3 = getelementptr inbounds %struct.inode.220272, %struct.inode.220272* %0, i64 0, i32 8 %4 = load %struct.super_block.220255*, %struct.super_block.220255** %3, align 8 %5 = getelementptr inbounds %struct.super_block.220255, %struct.super_block.220255* %4, i64 0, i32 28 %6 = bitcast i8** %5 to %struct.nfs_server.220317** %7 = load %struct.nfs_server.220317*, %struct.nfs_server.220317** %6, align 32 %8 = getelementptr inbounds %struct.nfs_server.220317, %struct.nfs_server.220317* %7, i64 0, i32 0 %9 = load %struct.nfs_client.220386*, %struct.nfs_client.220386** %8, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %10 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %11 = getelementptr inbounds i64, i64* %10, i64 50 %12 = load volatile i64, i64* %11, align 8 %13 = inttoptr i64 %12 to %struct.nfs_delegation.220276* %14 = icmp eq i64 %12, 0 br i1 %14, label %37, label %15 %16 = getelementptr inbounds %struct.nfs_delegation.220276, %struct.nfs_delegation.220276* %13, i64 0, i32 3, i32 0, i32 0, i32 1, i64 0 %17 = getelementptr inbounds %struct.nfs4_stateid_struct, %struct.nfs4_stateid_struct* %1, i64 0, i32 0, i32 0, i32 1, i64 0 %18 = tail call i32 @bcmp(i8* dereferenceable(12) %16, i8* dereferenceable(12) %17, i64 12) #6 ------------- Use: =BAD PATH= Call Stack: 0 autofs_lookup ------------- Path:  Function:autofs_lookup %4 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %146, label %9 %10 = getelementptr inbounds %struct.inode.240718, %struct.inode.240718* %0, i64 0, i32 8 %11 = load %struct.super_block.240699*, %struct.super_block.240699** %10, align 8 %12 = getelementptr inbounds %struct.super_block.240699, %struct.super_block.240699* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.autofs_sb_info.240729** %14 = load %struct.autofs_sb_info.240729*, %struct.autofs_sb_info.240729** %13, align 32 %15 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %1, i64 0, i32 9 %16 = load %struct.super_block.240699*, %struct.super_block.240699** %15, align 8 %17 = getelementptr inbounds %struct.super_block.240699, %struct.super_block.240699* %16, i64 0, i32 28 %18 = bitcast i8** %17 to %struct.autofs_sb_info.240729** %19 = load %struct.autofs_sb_info.240729*, %struct.autofs_sb_info.240729** %18, align 32 %20 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %1, i64 0, i32 3 %21 = load %struct.dentry.240722*, %struct.dentry.240722** %20, align 8 %22 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %1, i64 0, i32 4 %23 = bitcast %struct.qstr* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %1, i64 0, i32 4, i32 1 %26 = load i8*, i8** %25, align 8 %27 = getelementptr inbounds %struct.autofs_sb_info.240729, %struct.autofs_sb_info.240729* %19, i64 0, i32 17 %28 = bitcast %struct.list_head* %27 to i64* %29 = load volatile i64, i64* %28, align 8 %30 = inttoptr i64 %29 to %struct.list_head* %31 = icmp eq %struct.list_head* %27, %30 br i1 %31, label %92, label %32 %33 = getelementptr inbounds %struct.autofs_sb_info.240729, %struct.autofs_sb_info.240729* %19, i64 0, i32 16 %34 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %33, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %34) #69 %35 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 %36 = load %struct.list_head*, %struct.list_head** %35, align 8 %37 = icmp eq %struct.list_head* %36, %27 br i1 %37, label %87, label %38 %39 = zext i32 %7 to i64 br label %40 %41 = phi %struct.list_head* [ %36, %38 ], [ %85, %82 ] %42 = getelementptr %struct.list_head, %struct.list_head* %41, i64 -4, i32 1 %43 = bitcast %struct.list_head** %42 to %struct.dentry.240722** %44 = load %struct.dentry.240722*, %struct.dentry.240722** %43, align 8 %45 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %44, i64 0, i32 7, i32 0 %46 = bitcast %struct.anon.1* %45 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %46) #69 %47 = bitcast %struct.anon.1* %45 to %struct.swap_cluster_info* %48 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %47, i64 0, i32 1 %49 = load i32, i32* %48, align 4 %50 = icmp slt i32 %49, 1 br i1 %50, label %82, label %51 %52 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %44, i64 0, i32 4 %53 = bitcast %struct.qstr* %52 to %struct.util_est* %54 = bitcast %struct.qstr* %52 to i32* %55 = load i32, i32* %54, align 8 %56 = icmp eq i32 %55, %24 br i1 %56, label %57, label %82 %58 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %44, i64 0, i32 3 %59 = load %struct.dentry.240722*, %struct.dentry.240722** %58, align 8 %60 = icmp eq %struct.dentry.240722* %59, %21 br i1 %60, label %61, label %82 %62 = getelementptr inbounds %struct.util_est, %struct.util_est* %53, i64 0, i32 1 %63 = load i32, i32* %62, align 4 %64 = icmp eq i32 %63, %7 br i1 %64, label %65, label %82 %66 = getelementptr inbounds %struct.dentry.240722, %struct.dentry.240722* %44, i64 0, i32 4, i32 1 %67 = load i8*, i8** %66, align 8 %68 = tail call i32 @bcmp(i8* %67, i8* %26, i64 %39) #6 ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_checkreqprot ------------- Path:  Function:sel_write_checkreqprot %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %7 = load %struct.inode.251157*, %struct.inode.251157** %6, align 8 %8 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %7, i64 0, i32 8 %9 = load %struct.super_block.251140*, %struct.super_block.251140** %8, align 8 %10 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 32 %13 = bitcast i32* %5 to i8* %14 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %14, i64 0, i32 78 %16 = load %struct.cred*, %struct.cred** %15, align 64 %17 = getelementptr inbounds %struct.cred, %struct.cred* %16, i64 0, i32 20 %18 = load i8*, i8** %17, align 8 %19 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %20 = sext i32 %19 to i64 %21 = getelementptr i8, i8* %18, i64 %20 %22 = getelementptr inbounds i8, i8* %21, i64 4 %23 = bitcast i8* %22 to i32* %24 = load i32, i32* %23, align 4 %25 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %24, i32 2, i16 zeroext 1, i32 1024, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 18 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @find_first_bit(i64* %64, i64 384) #69 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #71 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #69 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_read_policy ------------- Path:  Function:sel_read_policy %5 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.trace_print_flags** %7 = load %struct.trace_print_flags*, %struct.trace_print_flags** %6, align 8 %8 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %9 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %8, i64 0, i32 78 %10 = load %struct.cred*, %struct.cred** %9, align 64 %11 = getelementptr inbounds %struct.cred, %struct.cred* %10, i64 0, i32 20 %12 = load i8*, i8** %11, align 8 %13 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %14 = sext i32 %13 to i64 %15 = getelementptr i8, i8* %12, i64 %14 %16 = getelementptr inbounds i8, i8* %15, i64 4 %17 = bitcast i8* %16 to i32* %18 = load i32, i32* %17, align 4 %19 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %18, i32 2, i16 zeroext 1, i32 2048, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 18 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @find_first_bit(i64* %64, i64 384) #69 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #71 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #69 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_avc_cache_threshold ------------- Path:  Function:sel_write_avc_cache_threshold %5 = alloca i32, align 4 %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %7 = load %struct.inode.251157*, %struct.inode.251157** %6, align 8 %8 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %7, i64 0, i32 8 %9 = load %struct.super_block.251140*, %struct.super_block.251140** %8, align 8 %10 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.selinux_fs_info** %12 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %11, align 32 %13 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %12, i64 0, i32 10 %14 = load %struct.selinux_state*, %struct.selinux_state** %13, align 8 %15 = bitcast i32* %5 to i8* %16 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %17 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %16, i64 0, i32 78 %18 = load %struct.cred*, %struct.cred** %17, align 64 %19 = getelementptr inbounds %struct.cred, %struct.cred* %18, i64 0, i32 20 %20 = load i8*, i8** %19, align 8 %21 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %22 = sext i32 %21 to i64 %23 = getelementptr i8, i8* %20, i64 %22 %24 = getelementptr inbounds i8, i8* %23, i64 4 %25 = bitcast i8* %24 to i32* %26 = load i32, i32* %25, align 4 %27 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %26, i32 2, i16 zeroext 1, i32 512, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 18 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @find_first_bit(i64* %64, i64 384) #69 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #71 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #69 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 ebitmap_cmp 1 constraint_expr_eval 2 context_struct_compute_av 3 security_compute_av 4 avc_compute_av 5 avc_has_perm_noaudit 6 avc_has_perm 7 sel_write_validatetrans ------------- Path:  Function:sel_write_validatetrans %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca i32, align 4 %8 = alloca i16, align 2 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %10 = load %struct.inode.251157*, %struct.inode.251157** %9, align 8 %11 = getelementptr inbounds %struct.inode.251157, %struct.inode.251157* %10, i64 0, i32 8 %12 = load %struct.super_block.251140*, %struct.super_block.251140** %11, align 8 %13 = getelementptr inbounds %struct.super_block.251140, %struct.super_block.251140* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.selinux_fs_info** %15 = load %struct.selinux_fs_info*, %struct.selinux_fs_info** %14, align 32 %16 = getelementptr inbounds %struct.selinux_fs_info, %struct.selinux_fs_info* %15, i64 0, i32 10 %17 = load %struct.selinux_state*, %struct.selinux_state** %16, align 8 %18 = bitcast i32* %5 to i8* %19 = bitcast i32* %6 to i8* %20 = bitcast i32* %7 to i8* %21 = bitcast i16* %8 to i8* %22 = tail call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %23 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %22, i64 0, i32 78 %24 = load %struct.cred*, %struct.cred** %23, align 64 %25 = getelementptr inbounds %struct.cred, %struct.cred* %24, i64 0, i32 20 %26 = load i8*, i8** %25, align 8 %27 = load i32, i32* getelementptr inbounds (%struct.mmap_arg_struct32, %struct.mmap_arg_struct32* @selinux_blob_sizes, i64 0, i32 0), align 4 %28 = sext i32 %27 to i64 %29 = getelementptr i8, i8* %26, i64 %28 %30 = getelementptr inbounds i8, i8* %29, i64 4 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 4 %33 = tail call i32 bitcast (i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data*)* @avc_has_perm to i32 (%struct.selinux_state*, i32, i32, i16, i32, %struct.common_audit_data.251322*)*)(%struct.selinux_state* nonnull @selinux_state, i32 %32, i32 2, i16 zeroext 1, i32 4096, %struct.common_audit_data.251322* null) #69 Function:avc_has_perm %7 = alloca %struct.gnet_stats_queue, align 4 %8 = bitcast %struct.gnet_stats_queue* %7 to i8* %9 = call i32 @avc_has_perm_noaudit(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, i32 %4, i32 0, %struct.gnet_stats_queue* nonnull %7) #69 Function:avc_has_perm_noaudit %8 = alloca %struct.avc_xperms_node, align 8 %9 = bitcast %struct.avc_xperms_node* %8 to i8* %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %12, !prof !4, !misexpect !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %13 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 5 %14 = load %struct.selinux_avc*, %struct.selinux_avc** %13, align 8 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 0)) #6, !srcloc !9 %15 = shl i32 %2, 2 %16 = xor i32 %15, %1 %17 = zext i16 %3 to i32 %18 = shl nuw nsw i32 %17, 4 %19 = xor i32 %16, %18 %20 = and i32 %19, 511 %21 = zext i32 %20 to i64 %22 = getelementptr %struct.selinux_avc, %struct.selinux_avc* %14, i64 0, i32 1, i32 0, i64 %21, i32 0 %23 = bitcast %struct.hlist_node** %22 to i64* %24 = load volatile i64, i64* %23, align 8 %25 = inttoptr i64 %24 to %struct.hlist_node* %26 = icmp eq i64 %24, 0 %27 = getelementptr %struct.hlist_node, %struct.hlist_node* %25, i64 -3, i32 1 %28 = icmp eq %struct.hlist_node*** %27, null %29 = or i1 %26, %28 br i1 %29, label %57, label %30 %31 = bitcast %struct.hlist_node*** %27 to %struct.avc_node* br label %32 %33 = phi %struct.avc_node* [ %53, %45 ], [ %31, %30 ] %34 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 0 %35 = load i32, i32* %34, align 8 %36 = icmp eq i32 %35, %1 br i1 %36, label %37, label %45 %38 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 2 %39 = load i16, i16* %38, align 8 %40 = icmp eq i16 %39, %3 br i1 %40, label %41, label %45 %42 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 0, i32 1 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, %2 br i1 %44, label %55, label %45 %46 = getelementptr inbounds %struct.avc_node, %struct.avc_node* %33, i64 0, i32 1, i32 0 %47 = bitcast %struct.hlist_node** %46 to i64* %48 = load volatile i64, i64* %47, align 8 %49 = inttoptr i64 %48 to %struct.hlist_node* %50 = icmp eq i64 %48, 0 %51 = getelementptr %struct.hlist_node, %struct.hlist_node* %49, i64 -3, i32 1 %52 = bitcast %struct.hlist_node*** %51 to %struct.avc_node* %53 = select i1 %50, %struct.avc_node* null, %struct.avc_node* %52 %54 = icmp eq %struct.avc_node* %53, null br i1 %54, label %57, label %32 tail call void asm sideeffect "incl %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1), i32* getelementptr inbounds (%struct.gnet_stats_queue, %struct.gnet_stats_queue* @avc_cache_stats, i64 0, i32 1)) #6, !srcloc !10 call fastcc void @avc_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %6, %struct.avc_xperms_node* nonnull %8) #69 Function:avc_compute_av tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1 %8 = ptrtoint %struct.list_head* %7 to i64 %9 = bitcast %struct.list_head* %7 to i64* store volatile i64 %8, i64* %9, align 8 %10 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 1, i32 1 store %struct.list_head* %7, %struct.list_head** %10, align 8 %11 = getelementptr inbounds %struct.avc_xperms_node, %struct.avc_xperms_node* %5, i64 0, i32 0 tail call void @security_compute_av(%struct.selinux_state* %0, i32 %1, i32 %2, i16 zeroext %3, %struct.gnet_stats_queue* %4, %struct.extended_perms* %11) #69 Function:security_compute_av %7 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 6 %8 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %9 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %8, i64 0, i32 2 tail call void @_raw_read_lock(%struct.rwlock_t* %9) #69 %10 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %11, align 4 %12 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %12, align 4 %13 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %14 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %13, i64 0, i32 3 %15 = load i32, i32* %14, align 8 %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 3 store i32 %15, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 4 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.extended_perms, %struct.extended_perms* %5, i64 0, i32 0 store i16 0, i16* %18, align 4 %19 = getelementptr inbounds %struct.selinux_state, %struct.selinux_state* %0, i64 0, i32 3 %20 = load i8, i8* %19, align 1, !range !4 %21 = icmp eq i8 %20, 0 br i1 %21, label %296, label %22 %23 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %24 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1 %25 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 0 %26 = load %struct.sidtab*, %struct.sidtab** %25, align 8 %27 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %1) #69 %28 = icmp eq %struct.context* %27, null br i1 %28, label %29, label %31 %32 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %23, i64 0, i32 1, i32 20 %33 = getelementptr inbounds %struct.context, %struct.context* %27, i64 0, i32 2 %34 = load i32, i32* %33, align 8 %35 = zext i32 %34 to i64 %36 = tail call i32 @ebitmap_get_bit(%struct.ebitmap* %32, i64 %35) #69 %37 = icmp eq i32 %36, 0 br i1 %37, label %41, label %38 %42 = tail call %struct.context* @sidtab_search(%struct.sidtab* %26, i32 %2) #69 %43 = icmp eq %struct.context* %42, null br i1 %43, label %44, label %46 %47 = load %struct.selinux_ss*, %struct.selinux_ss** %7, align 8 %48 = getelementptr inbounds %struct.selinux_ss, %struct.selinux_ss* %47, i64 0, i32 4, i32 1 %49 = load i16, i16* %48, align 8 %50 = icmp ugt i16 %49, %3 br i1 %50, label %51, label %57 %58 = phi i16 [ %56, %51 ], [ %3, %46 ] %59 = icmp ne i16 %3, 0 %60 = icmp eq i16 %58, 0 %61 = and i1 %59, %60 br i1 %61, label %62, label %67, !prof !5, !misexpect !6 tail call fastcc void @context_struct_compute_av(%struct.policydb* %24, %struct.context* nonnull %27, %struct.context* nonnull %42, i16 zeroext %58, %struct.gnet_stats_queue* %4, %struct.extended_perms* %5) #71 Function:context_struct_compute_av %7 = alloca i8*, align 8 %8 = alloca i8*, align 8 %9 = alloca [32 x i8*], align 16 %10 = alloca i32, align 4 %11 = alloca %struct.context, align 8 %12 = alloca %struct.context, align 8 %13 = alloca %struct.gnet_stats_queue, align 4 %14 = alloca %struct.winsize, align 2 %15 = bitcast %struct.winsize* %14 to i8* %16 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 0 store i32 0, i32* %16, align 4 %17 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 1 store i32 0, i32* %17, align 4 %18 = getelementptr inbounds %struct.gnet_stats_queue, %struct.gnet_stats_queue* %4, i64 0, i32 2 store i32 -1, i32* %18, align 4 %19 = icmp eq %struct.extended_perms* %5, null br i1 %19, label %24, label %20 %25 = icmp eq i16 %3, 0 br i1 %25, label %31, label %26, !prof !4 %27 = zext i16 %3 to i32 %28 = getelementptr %struct.policydb, %struct.policydb* %0, i64 0, i32 1, i64 1, i32 1 %29 = load i32, i32* %28, align 8 %30 = icmp ult i32 %29, %27 br i1 %30, label %31, label %37, !prof !4, !misexpect !5 %38 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 3 %39 = load %struct.class_datum**, %struct.class_datum*** %38, align 8 %40 = zext i16 %3 to i64 %41 = add nsw i64 %40, -1 %42 = getelementptr %struct.class_datum*, %struct.class_datum** %39, i64 %41 %43 = load %struct.class_datum*, %struct.class_datum** %42, align 8 %44 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 2 store i16 %3, i16* %44, align 2 %45 = getelementptr inbounds %struct.winsize, %struct.winsize* %14, i64 0, i32 3 store i16 1799, i16* %45, align 2 %46 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 18 %47 = load %struct.ebitmap*, %struct.ebitmap** %46, align 8 %48 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %49 = load i32, i32* %48, align 8 %50 = add i32 %49, -1 %51 = zext i32 %50 to i64 %52 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %51 %53 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %54 = load i32, i32* %53, align 8 %55 = add i32 %54, -1 %56 = zext i32 %55 to i64 %57 = getelementptr %struct.ebitmap, %struct.ebitmap* %47, i64 %56 %58 = bitcast %struct.ebitmap* %52 to i64* %59 = load i64, i64* %58, align 8 %60 = icmp eq i64 %59, 0 br i1 %60, label %241, label %61 %62 = phi i64 [ %70, %68 ], [ %59, %37 ] %63 = inttoptr i64 %62 to %struct.ebitmap_node* %64 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %63, i64 0, i32 1, i64 0 %65 = tail call i64 @find_first_bit(i64* %64, i64 384) #69 %66 = and i64 %65, 4294967168 %67 = icmp ult i64 %66, 384 br i1 %67, label %72, label %68 %69 = inttoptr i64 %62 to i64* %70 = load i64, i64* %69, align 8 %71 = icmp eq i64 %70, 0 br i1 %71, label %241, label %61 %242 = getelementptr inbounds %struct.class_datum, %struct.class_datum* %43, i64 0, i32 4 %243 = load %struct.constraint_node*, %struct.constraint_node** %242, align 8 %244 = icmp eq %struct.constraint_node* %243, null br i1 %244, label %266, label %245 %246 = phi %struct.constraint_node* [ %264, %262 ], [ %243, %241 ] %247 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 0 %248 = load i32, i32* %247, align 8 %249 = load i32, i32* %16, align 4 %250 = and i32 %249, %248 %251 = icmp eq i32 %250, 0 br i1 %251, label %262, label %252 %253 = getelementptr inbounds %struct.constraint_node, %struct.constraint_node* %246, i64 0, i32 1 %254 = load %struct.constraint_expr*, %struct.constraint_expr** %253, align 8 %255 = call fastcc i32 @constraint_expr_eval(%struct.policydb* %0, %struct.context* %1, %struct.context* %2, %struct.context* null, %struct.constraint_expr* %254) #71 Function:constraint_expr_eval %6 = alloca [5 x i32], align 16 %7 = bitcast [5 x i32]* %6 to i8* %8 = icmp eq %struct.constraint_expr* %4, null br i1 %8, label %305, label %9 %10 = icmp ne %struct.context* %3, null %11 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 0 %12 = getelementptr %struct.context, %struct.context* %2, i64 0, i32 4, i32 0, i64 1 %13 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 0 %14 = getelementptr %struct.context, %struct.context* %1, i64 0, i32 4, i32 0, i64 1 %15 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 1 %16 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 1 %17 = getelementptr inbounds %struct.policydb, %struct.policydb* %0, i64 0, i32 4 %18 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 2 %19 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 2 %20 = getelementptr inbounds %struct.context, %struct.context* %1, i64 0, i32 0 %21 = getelementptr inbounds %struct.context, %struct.context* %2, i64 0, i32 0 br label %22 %23 = phi i32 [ -1, %9 ], [ %299, %298 ] %24 = phi %struct.constraint_expr* [ %4, %9 ], [ %301, %298 ] %25 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 0 %26 = load i32, i32* %25, align 8 switch i32 %26, label %297 [ i32 1, label %27 i32 2, label %36 i32 3, label %48 i32 4, label %60 i32 5, label %243 ] %61 = icmp eq i32 %23, 4 br i1 %61, label %309, label %62 %63 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 1 %64 = load i32, i32* %63, align 4 switch i32 %64, label %219 [ i32 1, label %220 i32 4, label %65 i32 2, label %66 i32 32, label %111 i32 64, label %106 i32 128, label %107 i32 256, label %108 i32 512, label %109 i32 1024, label %110 ] %112 = phi %struct.mls_level* [ %11, %110 ], [ %13, %109 ], [ %14, %108 ], [ %14, %107 ], [ %13, %106 ], [ %13, %62 ] %113 = phi %struct.mls_level* [ %12, %110 ], [ %14, %109 ], [ %12, %108 ], [ %11, %107 ], [ %12, %106 ], [ %11, %62 ] %114 = getelementptr inbounds %struct.constraint_expr, %struct.constraint_expr* %24, i64 0, i32 2 %115 = load i32, i32* %114, align 8 switch i32 %115, label %218 [ i32 1, label %116 i32 2, label %133 i32 3, label %151 i32 4, label %168 i32 5, label %185 ] %134 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 0 %135 = load i32, i32* %134, align 8 %136 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 0 %137 = load i32, i32* %136, align 8 %138 = icmp eq i32 %135, %137 br i1 %138, label %139, label %145 %140 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %112, i64 0, i32 1 %141 = getelementptr inbounds %struct.mls_level, %struct.mls_level* %113, i64 0, i32 1 %142 = tail call i32 @ebitmap_cmp(%struct.ebitmap* %140, %struct.ebitmap* %141) #69 Function:ebitmap_cmp %3 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 1 %4 = load i32, i32* %3, align 8 %5 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 1 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %4, %6 br i1 %7, label %8, label %45 %9 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %0, i64 0, i32 0 %10 = getelementptr inbounds %struct.ebitmap, %struct.ebitmap* %1, i64 0, i32 0 %11 = load %struct.ebitmap_node*, %struct.ebitmap_node** %10, align 8 %12 = load %struct.ebitmap_node*, %struct.ebitmap_node** %9, align 8 %13 = icmp ne %struct.ebitmap_node* %12, null %14 = icmp ne %struct.ebitmap_node* %11, null %15 = and i1 %14, %13 br i1 %15, label %16, label %39 %17 = phi %struct.ebitmap_node* [ %35, %31 ], [ %12, %8 ] %18 = phi %struct.ebitmap_node* [ %34, %31 ], [ %11, %8 ] %19 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 2 %20 = load i32, i32* %19, align 8 %21 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 2 %22 = load i32, i32* %21, align 8 %23 = icmp eq i32 %20, %22 br i1 %23, label %24, label %39 %25 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %17, i64 0, i32 1, i64 0 %26 = bitcast i64* %25 to i8* %27 = getelementptr inbounds %struct.ebitmap_node, %struct.ebitmap_node* %18, i64 0, i32 1, i64 0 %28 = bitcast i64* %27 to i8* %29 = tail call i32 @bcmp(i8* dereferenceable(48) %26, i8* dereferenceable(48) %28, i64 48) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_short_storm_ctl_write ------------- Path:  Function:i915_hpd_short_storm_ctl_write %5 = alloca [16 x i8], align 16 %6 = alloca i8, align 1 %7 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.379105** %9 = load %struct.seq_file.379105*, %struct.seq_file.379105** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private.388303** %12 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %11, align 8 %13 = getelementptr inbounds [16 x i8], [16 x i8]* %5, i64 0, i64 0 %14 = icmp ugt i64 %2, 15 br i1 %14, label %61, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %61 %19 = getelementptr [16 x i8], [16 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i8* @strchr(i8* nonnull %13, i32 10) #70 %21 = icmp eq i8* %20, null br i1 %21, label %23, label %22 %24 = call i32 @bcmp(i8* nonnull dereferenceable(6) %13, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.48.36359, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 i915_hpd_storm_ctl_write ------------- Path:  Function:i915_hpd_storm_ctl_write %5 = alloca i32, align 4 %6 = alloca [16 x i8], align 16 %7 = getelementptr inbounds %struct.file.379441, %struct.file.379441* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.seq_file.379105** %9 = load %struct.seq_file.379105*, %struct.seq_file.379105** %8, align 8 %10 = getelementptr inbounds %struct.seq_file.379105, %struct.seq_file.379105* %9, i64 0, i32 12 %11 = bitcast i8** %10 to %struct.drm_i915_private.388303** %12 = load %struct.drm_i915_private.388303*, %struct.drm_i915_private.388303** %11, align 8 %13 = bitcast i32* %5 to i8* %14 = getelementptr inbounds [16 x i8], [16 x i8]* %6, i64 0, i64 0 %15 = icmp ugt i64 %2, 15 br i1 %15, label %57, label %16 %17 = call i64 @_copy_from_user(i8* nonnull %14, i8* %1, i64 %2) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %19, label %57 %20 = getelementptr [16 x i8], [16 x i8]* %6, i64 0, i64 %2 store i8 0, i8* %20, align 1 %21 = call i8* @strchr(i8* nonnull %14, i32 10) #70 %22 = icmp eq i8* %21, null br i1 %22, label %24, label %23 %25 = call i32 @bcmp(i8* nonnull dereferenceable(6) %14, i8* dereferenceable(6) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.48.36359, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.41489, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %23 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 5 %24 = call i32 @bcmp(i8* dereferenceable(4) %23, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %25 = icmp eq i32 %24, 0 br i1 %25, label %366, label %26 %27 = call i32 @bcmp(i8* dereferenceable(6) %23, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %28 = icmp eq i32 %27, 0 br i1 %28, label %35, label %29 %30 = call i32 @bcmp(i8* dereferenceable(2) %23, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.41489, i64 0, i64 0), i64 2) %31 = icmp eq i32 %30, 0 br i1 %31, label %35, label %32 %33 = call i32 @bcmp(i8* dereferenceable(3) %23, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.41490, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.41517, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.41517, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.41517, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.41517, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.41489, i64 0, i64 0), i64 2) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %60 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %61 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.18.41517, i64 0, i64 0), i64 3) %62 = icmp eq i32 %61, 0 br i1 %62, label %75, label %63 %64 = call i32 @bcmp(i8* dereferenceable(4) %60, i8* dereferenceable(4) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.5.41487, i64 0, i64 0), i64 4) %65 = icmp eq i32 %64, 0 br i1 %65, label %75, label %66 %67 = call i32 @bcmp(i8* dereferenceable(6) %60, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %68 = icmp eq i32 %67, 0 br i1 %68, label %75, label %69 %70 = call i32 @bcmp(i8* dereferenceable(2) %60, i8* dereferenceable(2) getelementptr inbounds ([3 x i8], [3 x i8]* @.str.3.41489, i64 0, i64 0), i64 2) %71 = icmp eq i32 %70, 0 br i1 %71, label %75, label %72 %73 = call i32 @bcmp(i8* dereferenceable(3) %60, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.41490, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %209 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %210 = bitcast i8* %209 to i32* %211 = load i32, i32* %210, align 8 %212 = icmp eq i32 %211, 1701736302 br i1 %212, label %222, label %213 %214 = trunc i32 %211 to i16 %215 = call i32 @bcmp(i8* dereferenceable(6) %209, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %216 = icmp eq i32 %215, 0 %217 = icmp eq i16 %214, 28521 %218 = or i1 %216, %217 br i1 %218, label %222, label %219 %220 = call i32 @bcmp(i8* dereferenceable(3) %209, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.41490, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.41518, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.41518, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %257 = bitcast i32* %8 to i8* %258 = bitcast i32* %9 to i8* %259 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 7 %260 = call i32 @bcmp(i8* dereferenceable(7) %259, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.21.41519, i64 0, i64 0), i64 7) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.41518, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %323 = icmp eq i64 %206, 2338324113575339364 br i1 %323, label %324, label %370 %325 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %326 = bitcast i8* %325 to i32* %327 = load i32, i32* %326, align 8 %328 = icmp eq i32 %327, 1701736302 br i1 %328, label %338, label %329 %330 = trunc i32 %327 to i16 %331 = call i32 @bcmp(i8* dereferenceable(6) %325, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) ------------- Use: =BAD PATH= Call Stack: 0 vga_arb_write ------------- Path:  Function:vga_arb_write %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca [64 x i8], align 16 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %11 = bitcast i8** %10 to %struct.vga_arb_private** %12 = load %struct.vga_arb_private*, %struct.vga_arb_private** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 0 %14 = icmp ugt i64 %2, 63 br i1 %14, label %370, label %15 %16 = call i64 @_copy_from_user(i8* nonnull %13, i8* %1, i64 %2) #69 %17 = icmp eq i64 %16, 0 br i1 %17, label %18, label %370 %19 = getelementptr [64 x i8], [64 x i8]* %7, i64 0, i64 %2 store i8 0, i8* %19, align 1 %20 = call i32 @bcmp(i8* nonnull dereferenceable(5) %13, i8* dereferenceable(5) getelementptr inbounds ([6 x i8], [6 x i8]* @.str.16.41515, i64 0, i64 0), i64 5) %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %56 %57 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.17.41516, i64 0, i64 0), i64 7) %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %204 %205 = bitcast [64 x i8]* %7 to i64* %206 = load i64, i64* %205, align 16 %207 = icmp eq i64 %206, 2336070161934152308 br i1 %207, label %208, label %253 %254 = call i32 @bcmp(i8* nonnull dereferenceable(7) %13, i8* dereferenceable(7) getelementptr inbounds ([8 x i8], [8 x i8]* @.str.20.41518, i64 0, i64 0), i64 7) %255 = icmp eq i32 %254, 0 br i1 %255, label %256, label %322 %323 = icmp eq i64 %206, 2338324113575339364 br i1 %323, label %324, label %370 %325 = getelementptr inbounds [64 x i8], [64 x i8]* %7, i64 0, i64 8 %326 = bitcast i8* %325 to i32* %327 = load i32, i32* %326, align 8 %328 = icmp eq i32 %327, 1701736302 br i1 %328, label %338, label %329 %330 = trunc i32 %327 to i16 %331 = call i32 @bcmp(i8* dereferenceable(6) %325, i8* dereferenceable(6) getelementptr inbounds ([7 x i8], [7 x i8]* @.str.2.41491, i64 0, i64 0), i64 6) %332 = icmp eq i32 %331, 0 %333 = icmp eq i16 %330, 28521 %334 = or i1 %332, %333 br i1 %334, label %338, label %335 %336 = call i32 @bcmp(i8* dereferenceable(3) %325, i8* dereferenceable(3) getelementptr inbounds ([4 x i8], [4 x i8]* @.str.4.41490, i64 0, i64 0), i64 3) ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.522375, %struct.device.522375* %0, i64 -2, i32 11 %13 = bitcast %struct.dev_pm_info.522120* %12 to %struct.Scsi_Host.525548* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.34.43573, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #69 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.35.43574, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 store_scan ------------- Path:  Function:store_scan %5 = alloca i8*, align 8 %6 = alloca i8*, align 8 %7 = alloca i8*, align 8 %8 = alloca [15 x i8], align 1 %9 = alloca [15 x i8], align 1 %10 = alloca [17 x i8], align 16 %11 = alloca i8, align 1 %12 = getelementptr %struct.device.522375, %struct.device.522375* %0, i64 -2, i32 11 %13 = bitcast %struct.dev_pm_info.522120* %12 to %struct.Scsi_Host.525548* %14 = getelementptr inbounds [15 x i8], [15 x i8]* %8, i64 0, i64 0 %15 = getelementptr inbounds [15 x i8], [15 x i8]* %9, i64 0, i64 0 %16 = getelementptr inbounds [17 x i8], [17 x i8]* %10, i64 0, i64 0 %17 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([18 x i8], [18 x i8]* @.str.34.43573, i64 0, i64 0), i8* nonnull %14, i8* nonnull %15, i8* nonnull %16, i8* nonnull %11) #69 %18 = icmp eq i32 %17, 3 br i1 %18, label %19, label %66 %20 = bitcast i8** %7 to i8* %21 = call i32 @bcmp(i8* nonnull dereferenceable(2) %14, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.35.43574, i64 0, i64 0), i64 2) #6 %22 = icmp eq i32 %21, 0 br i1 %22, label %29, label %23 %24 = call i64 @simple_strtoull(i8* nonnull %14, i8** nonnull %7, i32 0) #69 %25 = load i8*, i8** %7, align 8 %26 = load i8, i8* %25, align 1 %27 = icmp eq i8 %26, 0 br i1 %27, label %29, label %28 %30 = phi i64 [ %24, %23 ], [ -1, %19 ] %31 = bitcast i8** %6 to i8* %32 = call i32 @bcmp(i8* nonnull dereferenceable(2) %15, i8* dereferenceable(2) getelementptr inbounds ([2 x i8], [2 x i8]* @.str.35.43574, i64 0, i64 0), i64 2) #6 ------------- Use: =BAD PATH= Call Stack: 0 xhci_port_write ------------- Path:  Function:xhci_port_write %5 = alloca [32 x i8], align 16 %6 = getelementptr inbounds %struct.file.512540, %struct.file.512540* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.512086** %8 = load %struct.seq_file.512086*, %struct.seq_file.512086** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.512086, %struct.seq_file.512086* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.xhci_port.571518** %11 = load %struct.xhci_port.571518*, %struct.xhci_port.571518** %10, align 8 %12 = getelementptr inbounds %struct.xhci_port.571518, %struct.xhci_port.571518* %11, i64 0, i32 3 %13 = load %struct.xhci_hub.571516*, %struct.xhci_hub.571516** %12, align 8 %14 = getelementptr inbounds %struct.xhci_hub.571516, %struct.xhci_hub.571516* %13, i64 0, i32 2 %15 = load %struct.usb_hcd.571491*, %struct.usb_hcd.571491** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.usb_hcd.559417*)* @usb_hcd_is_primary_hcd to i32 (%struct.usb_hcd.571491*)*)(%struct.usb_hcd.571491* %15) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %21 %22 = phi %struct.usb_hcd.571491* [ %20, %18 ], [ %15, %4 ] %23 = getelementptr inbounds %struct.usb_hcd.571491, %struct.usb_hcd.571491* %22, i64 0, i32 29, i64 0 %24 = bitcast i64* %23 to %struct.xhci_hcd.571519* %25 = getelementptr inbounds [32 x i8], [32 x i8]* %5, i64 0, i64 0 %26 = icmp ult i64 %2, 31 %27 = select i1 %26, i64 %2, i64 31 %28 = call i64 @_copy_from_user(i8* nonnull %25, i8* %1, i64 %27) #69 %29 = icmp eq i64 %28, 0 br i1 %29, label %30, label %53 %31 = call i32 @bcmp(i8* nonnull dereferenceable(10) %25, i8* dereferenceable(10) getelementptr inbounds ([11 x i8], [11 x i8]* @.str.203.50187, i64 0, i64 0), i64 10) ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.608989* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %18 = icmp eq i64 %2, 2076 br i1 %18, label %19, label %133 %20 = getelementptr inbounds i8, i8* %1, i64 2072 %21 = bitcast i8* %20 to i32* %22 = load i32, i32* %21, align 1 %23 = getelementptr inbounds i8, i8* %1, i64 1024 %24 = bitcast i8* %23 to i64* %25 = load i64, i64* %24, align 1 %26 = getelementptr inbounds i8, i8* %1, i64 1032 %27 = bitcast i8* %26 to i64* %28 = load i64, i64* %27, align 1 %29 = bitcast i8* %1 to i16* %30 = getelementptr inbounds i8, i8* %1, i64 1040 %31 = bitcast i8* %30 to i32* %32 = load i32, i32* %31, align 1 %33 = zext i32 %32 to i64 %34 = getelementptr inbounds i8, i8* %1, i64 1044 %35 = bitcast %struct.efivar_entry.608989* %0 to i8* %36 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %35, i64 1024) #6 %37 = icmp eq i32 %36, 0 br i1 %37, label %38, label %53 %39 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1 %40 = bitcast %struct.uuid_t* %39 to i64* %41 = load i64, i64* %40, align 1 %42 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %43 = bitcast i8* %42 to i64* %44 = load i64, i64* %43, align 1 %45 = bitcast { i64, i64 }* %6 to i8* %46 = bitcast { i64, i64 }* %7 to i8* %47 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 0 store i64 %25, i64* %47, align 8 %48 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %6, i64 0, i32 1 store i64 %28, i64* %48, align 8 %49 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 0 store i64 %41, i64* %49, align 8 %50 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %7, i64 0, i32 1 store i64 %44, i64* %50, align 8 %51 = call i32 @bcmp(i8* nonnull dereferenceable(16) %45, i8* nonnull dereferenceable(16) %46, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.608989* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 ------------- Use: =BAD PATH= Call Stack: 0 efivar_store_raw ------------- Path:  Function:efivar_store_raw %4 = alloca { i64, i64 }, align 8 %5 = alloca { i64, i64 }, align 8 %6 = alloca { i64, i64 }, align 8 %7 = alloca { i64, i64 }, align 8 %8 = icmp ne %struct.efivar_entry.608989* %0, null %9 = icmp ne i8* %1, null %10 = and i1 %8, %9 br i1 %10, label %11, label %133 %12 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %12, i64 0, i32 0, i32 1 %14 = load i32, i32* %13, align 8 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %75, label %17 %76 = icmp eq i64 %2, 2084 br i1 %76, label %77, label %133 %78 = getelementptr inbounds i8, i8* %1, i64 2080 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 1 %81 = getelementptr inbounds i8, i8* %1, i64 1024 %82 = bitcast i8* %81 to i64* %83 = load i64, i64* %82, align 1 %84 = getelementptr inbounds i8, i8* %1, i64 1032 %85 = bitcast i8* %84 to i64* %86 = load i64, i64* %85, align 1 %87 = bitcast i8* %1 to i16* %88 = getelementptr inbounds i8, i8* %1, i64 1040 %89 = bitcast i8* %88 to i64* %90 = load i64, i64* %89, align 1 %91 = getelementptr inbounds i8, i8* %1, i64 1048 %92 = bitcast %struct.efivar_entry.608989* %0 to i8* %93 = tail call i32 @bcmp(i8* nonnull dereferenceable(1024) %1, i8* nonnull dereferenceable(1024) %92, i64 1024) #6 %94 = icmp eq i32 %93, 0 br i1 %94, label %95, label %110 %96 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1 %97 = bitcast %struct.uuid_t* %96 to i64* %98 = load i64, i64* %97, align 1 %99 = getelementptr inbounds %struct.efivar_entry.608989, %struct.efivar_entry.608989* %0, i64 0, i32 0, i32 1, i32 0, i64 8 %100 = bitcast i8* %99 to i64* %101 = load i64, i64* %100, align 1 %102 = bitcast { i64, i64 }* %4 to i8* %103 = bitcast { i64, i64 }* %5 to i8* %104 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 0 store i64 %83, i64* %104, align 8 %105 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %4, i64 0, i32 1 store i64 %86, i64* %105, align 8 %106 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 0 store i64 %98, i64* %106, align 8 %107 = getelementptr inbounds { i64, i64 }, { i64, i64 }* %5, i64 0, i32 1 store i64 %101, i64* %107, align 8 %108 = call i32 @bcmp(i8* nonnull dereferenceable(16) %102, i8* nonnull dereferenceable(16) %103, i64 16) #6 ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __ia32_compat_sys_socketcall ------------- Path:  Function:__ia32_compat_sys_socketcall %2 = alloca [6 x i64], align 16 %3 = alloca [6 x i32], align 16 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %5 to i32 %9 = bitcast [6 x i32]* %3 to i8* %10 = add i32 %8, -1 %11 = icmp ugt i32 %10, 19 br i1 %11, label %269, label %12 %13 = and i64 %5, 4294967295 %14 = and i64 %7, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nas, i64 0, i64 %13 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 0 %19 = inttoptr i64 %14 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %9, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %269 %23 = lshr i8 %16, 2 %24 = zext i8 %23 to i32 %25 = bitcast [6 x i64]* %2 to i8* %26 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !4 %27 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %26, i64 0, i32 97 %28 = load %struct.audit_context*, %struct.audit_context** %27, align 8 %29 = icmp eq %struct.audit_context* %28, null br i1 %29, label %68, label %30 %31 = bitcast %struct.audit_context* %28 to i32* %32 = load i32, i32* %31, align 4 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %68 %35 = icmp eq i8 %23, 0 br i1 %35, label %82, label %36 %37 = zext i8 %23 to i64 %38 = add nsw i64 %37, -1 %39 = and i64 %37, 3 %40 = icmp ult i64 %38, 3 br i1 %40, label %69, label %41 %42 = and i64 %37, 60 br label %43 %44 = phi i64 [ 0, %41 ], [ %65, %43 ] %45 = phi i64 [ %42, %41 ], [ %66, %43 ] %46 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %44 %47 = load i32, i32* %46, align 16 %48 = zext i32 %47 to i64 %49 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %44 store i64 %48, i64* %49, align 16 %50 = or i64 %44, 1 %51 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %50 %52 = load i32, i32* %51, align 4 %53 = zext i32 %52 to i64 %54 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %50 store i64 %53, i64* %54, align 8 %55 = or i64 %44, 2 %56 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %55 %57 = load i32, i32* %56, align 8 %58 = zext i32 %57 to i64 %59 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %55 store i64 %58, i64* %59, align 16 %60 = or i64 %44, 3 %61 = getelementptr [6 x i32], [6 x i32]* %3, i64 0, i64 %60 %62 = load i32, i32* %61, align 4 %63 = zext i32 %62 to i64 %64 = getelementptr [6 x i64], [6 x i64]* %2, i64 0, i64 %60 store i64 %63, i64* %64, align 8 %65 = add nuw nsw i64 %44, 4 %66 = add i64 %45, -4 %67 = icmp eq i64 %66, 0 br i1 %67, label %69, label %43 %70 = phi i64 [ 0, %36 ], [ %65, %43 ] %71 = icmp eq i64 %39, 0 br i1 %71, label %82, label %72 %83 = getelementptr inbounds [6 x i64], [6 x i64]* %2, i64 0, i64 0 %84 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %83) #69 %85 = icmp eq i32 %84, 0 br i1 %85, label %88, label %86 %89 = load i32, i32* %18, align 16 %90 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 1 %91 = load i32, i32* %90, align 4 switch i32 %8, label %266 [ i32 1, label %92 i32 2, label %96 i32 3, label %102 i32 4, label %108 i32 5, label %110 i32 6, label %118 i32 7, label %126 i32 8, label %134 i32 9, label %142 i32 11, label %151 i32 10, label %166 i32 12, label %176 i32 13, label %194 i32 14, label %196 i32 15, label %206 i32 16, label %218 i32 20, label %226 i32 17, label %235 i32 19, label %243 i32 18, label %256 ] %219 = zext i32 %91 to i64 %220 = getelementptr inbounds [6 x i32], [6 x i32]* %3, i64 0, i64 2 %221 = load i32, i32* %220, align 8 %222 = inttoptr i64 %219 to %struct.user_msghdr* %223 = or i32 %221, -2147483648 %224 = call i64 @__sys_sendmsg(i32 %89, %struct.user_msghdr* %222, i32 %223, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __ia32_compat_sys_sendmsg ------------- Path:  Function:__ia32_compat_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = inttoptr i64 %6 to %struct.user_msghdr* %12 = or i32 %10, -2147483648 %13 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %11, i32 %12, i1 zeroext false) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __se_sys_socketcall 3 __ia32_sys_socketcall ------------- Path:  Function:__ia32_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_socketcall(i64 %4, i64 %7) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %211 = trunc i64 %39 to i32 %212 = inttoptr i64 %41 to %struct.user_msghdr* %213 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %214 = load i64, i64* %213, align 16 %215 = trunc i64 %214 to i32 %216 = call i64 @__sys_sendmsg(i32 %211, %struct.user_msghdr* %212, i32 %215, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __se_sys_socketcall 3 __x64_sys_socketcall ------------- Path:  Function:__x64_sys_socketcall %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_socketcall(i64 %3, i64 %5) #69 Function:__se_sys_socketcall %3 = alloca %struct.anon.54, align 8 %4 = alloca [6 x i64], align 16 %5 = trunc i64 %0 to i32 %6 = bitcast [6 x i64]* %4 to i8* %7 = add i32 %5, -1 %8 = icmp ugt i32 %7, 19 br i1 %8, label %277, label %9 %10 = and i64 %0, 4294967295 %11 = tail call i64 asm sideeffect "cmp $1,$2; sbb $0,$0;", "=r,imr,r,~{cc},~{dirflag},~{fpsr},~{flags}"(i64 21, i64 %10) #6, !srcloc !4 %12 = and i64 %11, %0 %13 = trunc i64 %12 to i32 %14 = and i64 %12, 4294967295 %15 = getelementptr [21 x i8], [21 x i8]* @nargs, i64 0, i64 %14 %16 = load i8, i8* %15, align 1 %17 = zext i8 %16 to i64 %18 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 0 %19 = inttoptr i64 %1 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %6, i8* %19, i64 %17) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %277 %23 = lshr i8 %16, 3 %24 = zext i8 %23 to i32 %25 = call %struct.task_struct.251287* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.251287** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.251287**)) #10, !srcloc !5 %26 = getelementptr inbounds %struct.task_struct.251287, %struct.task_struct.251287* %25, i64 0, i32 97 %27 = load %struct.audit_context*, %struct.audit_context** %26, align 8 %28 = icmp eq %struct.audit_context* %27, null br i1 %28, label %38, label %29 %30 = bitcast %struct.audit_context* %27 to i32* %31 = load i32, i32* %30, align 4 %32 = icmp eq i32 %31, 0 br i1 %32, label %33, label %38, !prof !6, !misexpect !7 %34 = call i32 @__audit_socketcall(i32 %24, i64* nonnull %18) #69 %35 = icmp eq i32 %34, 0 br i1 %35, label %38, label %36 %39 = load i64, i64* %18, align 16 %40 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 1 %41 = load i64, i64* %40, align 8 switch i32 %13, label %274 [ i32 1, label %42 i32 2, label %49 i32 3, label %56 i32 4, label %63 i32 5, label %67 i32 6, label %74 i32 7, label %81 i32 8, label %88 i32 9, label %98 i32 11, label %107 i32 10, label %122 i32 12, label %131 i32 13, label %146 i32 14, label %184 i32 15, label %197 i32 16, label %210 i32 20, label %218 i32 17, label %228 i32 19, label %236 i32 18, label %264 ] %211 = trunc i64 %39 to i32 %212 = inttoptr i64 %41 to %struct.user_msghdr* %213 = getelementptr inbounds [6 x i64], [6 x i64]* %4, i64 0, i64 2 %214 = load i64, i64* %213, align 16 %215 = trunc i64 %214 to i32 %216 = call i64 @__sys_sendmsg(i32 %211, %struct.user_msghdr* %212, i32 %215, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __ia32_sys_sendmsg ------------- Path:  Function:__ia32_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.user_msghdr* %11 = trunc i64 %8 to i32 %12 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %10, i32 %11, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 ____sys_sendmsg 1 __sys_sendmsg 2 __x64_sys_sendmsg ------------- Path:  Function:__x64_sys_sendmsg %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.user_msghdr** %6 = load %struct.user_msghdr*, %struct.user_msghdr** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call i64 @__sys_sendmsg(i32 %9, %struct.user_msghdr* %6, i32 %10, i1 zeroext true) #69 Function:__sys_sendmsg %5 = alloca %struct.__kernel_sockaddr_storage, align 8 %6 = alloca [8 x %struct.iovec], align 16 %7 = alloca %struct.iovec*, align 8 %8 = alloca %struct.msghdr.250942, align 8 %9 = bitcast %struct.msghdr.250942* %8 to i8* %10 = xor i1 %3, true %11 = icmp sgt i32 %2, -1 %12 = or i1 %11, %10 br i1 %12, label %13, label %61 %14 = tail call i64 @__fdget(i32 %0) #69 %15 = and i64 %14, -4 %16 = inttoptr i64 %15 to %struct.file.250940* %17 = trunc i64 %14 to i32 %18 = icmp eq i64 %15, 0 br i1 %18, label %58, label %19 %20 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 3 %21 = load %struct.file_operations.250931*, %struct.file_operations.250931** %20, align 8 %22 = icmp eq %struct.file_operations.250931* %21, @socket_file_ops br i1 %22, label %23, label %28 %24 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %16, i64 0, i32 16 %25 = bitcast i8** %24 to %struct.socket.250973** %26 = load %struct.socket.250973*, %struct.socket.250973** %25, align 8 %27 = icmp eq %struct.socket.250973* %26, null br i1 %27, label %28, label %33, !prof !4, !misexpect !5 %34 = and i32 %17, 1 %35 = bitcast %struct.__kernel_sockaddr_storage* %5 to i8* %36 = bitcast [8 x %struct.iovec]* %6 to i8* %37 = bitcast %struct.iovec** %7 to i8* %38 = getelementptr inbounds [8 x %struct.iovec], [8 x %struct.iovec]* %6, i64 0, i64 0 store %struct.iovec* %38, %struct.iovec** %7, align 8 %39 = bitcast %struct.msghdr.250942* %8 to %struct.__kernel_sockaddr_storage** store %struct.__kernel_sockaddr_storage* %5, %struct.__kernel_sockaddr_storage** %39, align 8 br i1 %11, label %43, label %40 %44 = call fastcc i32 @copy_msghdr_from_user(%struct.msghdr.250942* nonnull %8, %struct.user_msghdr* %1, %struct.sys_desc_table** null, %struct.iovec** nonnull %7) #69 br label %45 %46 = phi i32 [ %42, %40 ], [ %44, %43 ] %47 = icmp slt i32 %46, 0 br i1 %47, label %52, label %48 %49 = call fastcc i32 @____sys_sendmsg(%struct.socket.250973* nonnull %26, %struct.msghdr.250942* nonnull %8, i32 %2, %struct.used_address* null, i32 0) #69 Function:____sys_sendmsg %6 = alloca [36 x i8], align 8 %7 = getelementptr inbounds [36 x i8], [36 x i8]* %6, i64 0, i64 0 %8 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 4 %9 = load i64, i64* %8, align 8 %10 = icmp ugt i64 %9, 2147483647 br i1 %10, label %147, label %11 %12 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 5 %13 = load i32, i32* %12, align 8 %14 = and i32 %13, %4 %15 = or i32 %14, %2 %16 = trunc i64 %9 to i32 %17 = icmp slt i32 %15, 0 %18 = icmp ne i32 %16, 0 %19 = and i1 %18, %17 br i1 %19, label %20, label %31 br i1 %18, label %32, label %46 %47 = phi i8* [ %28, %26 ], [ %40, %45 ], [ %7, %31 ] %48 = phi i32 [ %30, %26 ], [ %16, %45 ], [ 0, %31 ] store i32 %15, i32* %12, align 8 %49 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 3 %50 = load %struct.file.250940*, %struct.file.250940** %49, align 16 %51 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %50, i64 0, i32 7 %52 = load i32, i32* %51, align 8 %53 = and i32 %52, 2048 %54 = icmp eq i32 %53, 0 br i1 %54, label %57, label %55 %58 = icmp ne %struct.used_address* %3, null br i1 %58, label %59, label %98 %60 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 0 %61 = load i8*, i8** %60, align 8 %62 = icmp eq i8* %61, null br i1 %62, label %98, label %63 %64 = getelementptr inbounds %struct.used_address, %struct.used_address* %3, i64 0, i32 1 %65 = load i32, i32* %64, align 8 %66 = getelementptr inbounds %struct.msghdr.250942, %struct.msghdr.250942* %1, i64 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %65, %67 br i1 %68, label %69, label %98 %70 = bitcast %struct.used_address* %3 to i8* %71 = zext i32 %65 to i64 %72 = call i32 @bcmp(i8* nonnull %70, i8* nonnull %61, i64 %71) ------------- Use: =BAD PATH= Call Stack: 0 dev_get_port_parent_id 1 phys_switch_id_show ------------- Path:  Function:phys_switch_id_show %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr %struct.device.664385, %struct.device.664385* %0, i64 -2, i32 11, i32 4 %6 = bitcast %struct.list_head* %5 to %struct.net_device.664139* %7 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 30, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.net_device_ops.664068** %9 = load %struct.net_device_ops.664068*, %struct.net_device_ops.664068** %8, align 8 %10 = getelementptr inbounds %struct.net_device_ops.664068, %struct.net_device_ops.664068* %9, i64 0, i32 54 %11 = load i32 (%struct.net_device.664139*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.664139*, %struct.netdev_phys_item_id*)** %10, align 8 %12 = icmp eq i32 (%struct.net_device.664139*, %struct.netdev_phys_item_id*)* %11, null br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.net_device_ops.664068, %struct.net_device_ops.664068* %9, i64 0, i32 68 %15 = load %struct.devlink_port* (%struct.net_device.664139*)*, %struct.devlink_port* (%struct.net_device.664139*)** %14, align 8 %16 = icmp eq %struct.devlink_port* (%struct.net_device.664139*)* %15, null br i1 %16, label %42, label %17 %18 = tail call i32 @rtnl_trylock() #69 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %23 %24 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 73 %25 = bitcast %struct.list_head* %24 to i8* %26 = load i8, i8* %25, align 16 %27 = icmp ugt i8 %26, 1 br i1 %27, label %40, label %28 %29 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %30 = call i32 bitcast (i32 (%struct.net_device.653918*, %struct.netdev_phys_item_id*, i1)* @dev_get_port_parent_id to i32 (%struct.net_device.664139*, %struct.netdev_phys_item_id*, i1)*)(%struct.net_device.664139* %6, %struct.netdev_phys_item_id* nonnull %4, i1 zeroext false) #69 Function:dev_get_port_parent_id %4 = alloca %struct.netdev_phys_item_id, align 1 %5 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 30 %6 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %5, align 8 %7 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 0, i64 0 %8 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %6, i64 0, i32 54 %9 = load i32 (%struct.net_device.653918*, %struct.netdev_phys_item_id*)*, i32 (%struct.net_device.653918*, %struct.netdev_phys_item_id*)** %8, align 8 %10 = icmp eq i32 (%struct.net_device.653918*, %struct.netdev_phys_item_id*)* %9, null br i1 %10, label %16, label %11 %12 = tail call i32 %9(%struct.net_device.653918* %0, %struct.netdev_phys_item_id* %1) #69 %13 = icmp ne i32 %12, -95 %14 = xor i1 %2, true %15 = or i1 %13, %14 br i1 %15, label %57, label %17 %18 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 14, i32 1, i32 0 %19 = bitcast %struct.list_head** %18 to i64* %20 = load i64, i64* %19, align 16 %21 = inttoptr i64 %20 to %struct.list_head* %22 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %0, i64 0, i32 14, i32 1 %23 = icmp eq %struct.list_head* %22, %21 br i1 %23, label %57, label %24 %25 = inttoptr i64 %20 to i8* %26 = getelementptr i8, i8* %25, i64 -24 %27 = bitcast i8* %26 to i8** %28 = load i8*, i8** %27, align 8 %29 = icmp eq i8* %28, null br i1 %29, label %57, label %30 %31 = getelementptr inbounds %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %4, i64 0, i32 1 %32 = getelementptr %struct.netdev_phys_item_id, %struct.netdev_phys_item_id* %1, i64 0, i32 0, i64 0 br label %33 %34 = phi i8* [ %28, %30 ], [ %55, %51 ] %35 = phi i64 [ %20, %30 ], [ %37, %51 ] %36 = inttoptr i64 %35 to i64* %37 = load i64, i64* %36, align 8 %38 = bitcast i8* %34 to %struct.net_device.653918* %39 = tail call i32 @dev_get_port_parent_id(%struct.net_device.653918* nonnull %38, %struct.netdev_phys_item_id* %1, i1 zeroext %2) #70 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %57 %42 = load i8, i8* %31, align 1 %43 = icmp eq i8 %42, 0 br i1 %43, label %44, label %45 %46 = call i32 @bcmp(i8* nonnull dereferenceable(33) %7, i8* dereferenceable(33) %32, i64 33) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 ipv4_neigh_lookup ------------- Path:  Function:ipv4_neigh_lookup %4 = alloca i32, align 4 %5 = alloca i32, align 4 %6 = bitcast %struct.dst_entry.706562* %0 to %struct.rtable.706564* %7 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 0, i32 0 %8 = load %struct.net_device.707029*, %struct.net_device.707029** %7, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %9 = getelementptr inbounds %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 1, i32 2 %10 = bitcast i64* %9 to i8* %11 = load i8, i8* %10, align 8 switch i8 %11, label %155 [ i8 2, label %12 i8 10, label %66 ], !prof !6 %67 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %6, i64 0, i32 8, i32 0 %68 = bitcast %struct.in6_addr* %67 to i8* %69 = load %struct.ipv6_stub.707034*, %struct.ipv6_stub.707034** bitcast (%struct.ipv6_stub.798409** @ipv6_stub to %struct.ipv6_stub.707034**), align 8 %70 = getelementptr inbounds %struct.ipv6_stub.707034, %struct.ipv6_stub.707034* %69, i64 0, i32 17 %71 = load %struct.neigh_table.706531*, %struct.neigh_table.706531** %70, align 8 %72 = getelementptr inbounds %struct.neigh_table.706531, %struct.neigh_table.706531* %71, i64 0, i32 29 %73 = bitcast %struct.neigh_hash_table.706530** %72 to i64* %74 = load volatile i64, i64* %73, align 8 %75 = inttoptr i64 %74 to %struct.neigh_hash_table.706530* %76 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 2, i64 0 %77 = getelementptr %struct.in6_addr, %struct.in6_addr* %67, i64 0, i32 0, i32 0, i64 0 %78 = load i32, i32* %77, align 4 %79 = ptrtoint %struct.net_device.707029* %8 to i64 %80 = lshr i64 %79, 32 %81 = xor i64 %80, %79 %82 = trunc i64 %81 to i32 %83 = xor i32 %78, %82 %84 = load i32, i32* %76, align 4 %85 = mul i32 %83, %84 %86 = getelementptr %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 1, i32 3 %87 = bitcast i64* %86 to i32* %88 = load i32, i32* %87, align 4 %89 = getelementptr %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 2, i64 1 %90 = load i32, i32* %89, align 4 %91 = mul i32 %90, %88 %92 = add i32 %91, %85 %93 = getelementptr %struct.rtable.706564, %struct.rtable.706564* %6, i64 0, i32 8, i32 0, i32 0, i32 0, i64 2 %94 = load i32, i32* %93, align 4 %95 = getelementptr %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 2, i64 2 %96 = load i32, i32* %95, align 4 %97 = mul i32 %96, %94 %98 = add i32 %92, %97 %99 = getelementptr %struct.dst_entry.706562, %struct.dst_entry.706562* %0, i64 1, i32 4 %100 = bitcast %struct.xfrm_state.706561** %99 to i32* %101 = load i32, i32* %100, align 4 %102 = getelementptr %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 2, i64 3 %103 = load i32, i32* %102, align 4 %104 = mul i32 %103, %101 %105 = add i32 %98, %104 %106 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 1 %107 = load i32, i32* %106, align 8 %108 = sub i32 32, %107 %109 = lshr i32 %105, %108 %110 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %75, i64 0, i32 0 %111 = load %struct.neighbour.706534**, %struct.neighbour.706534*** %110, align 8 %112 = zext i32 %109 to i64 %113 = getelementptr %struct.neighbour.706534*, %struct.neighbour.706534** %111, i64 %112 %114 = bitcast %struct.neighbour.706534** %113 to i64* %115 = load volatile i64, i64* %114, align 8 %116 = inttoptr i64 %115 to %struct.neighbour.706534* %117 = icmp eq i64 %115, 0 br i1 %117, label %150, label %118 %119 = phi %struct.neighbour.706534* [ %148, %145 ], [ %116, %66 ] %120 = phi i64 [ %147, %145 ], [ %115, %66 ] %121 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %119, i64 0, i32 25 %122 = load %struct.net_device.707029*, %struct.net_device.707029** %121, align 8 %123 = icmp eq %struct.net_device.707029* %122, %8 br i1 %123, label %124, label %145 %125 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %119, i64 0, i32 26, i64 0 %126 = bitcast i8* %125 to i32* %127 = load i32, i32* %126, align 4 %128 = xor i32 %127, %78 %129 = getelementptr %struct.neighbour.706534, %struct.neighbour.706534* %119, i64 0, i32 26, i64 4 %130 = bitcast i8* %129 to i32* %131 = load i32, i32* %130, align 4 %132 = xor i32 %131, %88 %133 = or i32 %132, %128 %134 = getelementptr %struct.neighbour.706534, %struct.neighbour.706534* %119, i64 0, i32 26, i64 8 %135 = bitcast i8* %134 to i32* %136 = load i32, i32* %135, align 4 %137 = xor i32 %136, %94 %138 = or i32 %133, %137 %139 = getelementptr %struct.neighbour.706534, %struct.neighbour.706534* %119, i64 0, i32 26, i64 12 %140 = bitcast i8* %139 to i32* %141 = load i32, i32* %140, align 4 %142 = xor i32 %141, %101 %143 = or i32 %138, %142 %144 = icmp eq i32 %143, 0 br i1 %144, label %150, label %145 %146 = inttoptr i64 %120 to i64* %147 = load volatile i64, i64* %146, align 8 %148 = inttoptr i64 %147 to %struct.neighbour.706534* %149 = icmp eq i64 %147, 0 br i1 %149, label %153, label %118 %154 = tail call %struct.neighbour.706534* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*, i1)* @__neigh_create to %struct.neighbour.706534* (%struct.neigh_table.706531*, i8*, %struct.net_device.707029*, i1)*)(%struct.neigh_table.706531* %71, i8* %68, %struct.net_device.707029* %8, i1 zeroext false) #69 Function:__neigh_create %5 = tail call fastcc %struct.neighbour.653686* @___neigh_create(%struct.neigh_table.653683* %0, i8* %1, %struct.net_device.653918* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #69 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 55 %105 = load i16, i16* %104, align 2 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #69 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour.653686* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = bitcast i8* %123 to i32* store i32 0, i32* %124, align 4 %125 = getelementptr inbounds i8, i8* %109, i64 144 %126 = bitcast i8* %125 to i32* store i32 0, i32* %126, align 8 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** store i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)* @neigh_blackhole, i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = bitcast i8* %135 to i32* store i32 0, i32* %136, align 4 %137 = getelementptr inbounds i8, i8* %109, i64 192 %138 = bitcast i8* %137 to i32* store i32 0, i32* %138, align 8 %139 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %union.anon.21, %union.anon.21* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%union.anon.21* %140, i32 %149) #69 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms.653818** store %struct.neigh_parms.653818* %139, %struct.neigh_parms.653818** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %155 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table.653683** store %struct.neigh_table.653683* %0, %struct.neigh_table.653683** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = ptrtoint i8* %163 to i64 %165 = bitcast i8* %163 to i64* store volatile i64 %164, i64* %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour.653686* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@___neigh_create, %174)) #6 to label %196 [label %174], !srcloc !16 %197 = icmp eq %struct.neighbour.653686* %173, null br i1 %197, label %395, label %198 %199 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 26, i64 0 %200 = zext i32 %8 to i64 %201 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 25 store %struct.net_device.653918* %2, %struct.net_device.653918** %201, align 8 %202 = icmp eq %struct.net_device.653918* %2, null br i1 %202, label %206, label %203 %207 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 6 %208 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %207, align 8 %209 = icmp eq i32 (%struct.neighbour.653686*)* %208, null br i1 %209, label %216, label %210 %217 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 30 %218 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %217, align 8 %219 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %218, i64 0, i32 43 %220 = load i32 (%struct.net_device.653918*, %struct.neighbour.653686*)*, i32 (%struct.net_device.653918*, %struct.neighbour.653686*)** %219, align 8 %221 = icmp eq i32 (%struct.net_device.653918*, %struct.neighbour.653686*)* %220, null br i1 %221, label %228, label %222 %229 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 2 %230 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %231 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %230, i64 0, i32 3 %232 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %231, align 8 %233 = icmp eq i32 (%struct.neighbour.653686*)* %232, null br i1 %233, label %242, label %234 %235 = tail call i32 %232(%struct.neighbour.653686* nonnull %173) #69 %236 = icmp slt i32 %235, 0 br i1 %236, label %239, label %237 %238 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 br label %242 %243 = phi %struct.neigh_parms.653818* [ %238, %237 ], [ %230, %228 ] %244 = load volatile i64, i64* @jiffies, align 64 %245 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %243, i64 0, i32 10, i64 5 %246 = load i32, i32* %245, align 4 %247 = shl i32 %246, 1 %248 = sext i32 %247 to i64 %249 = sub i64 %244, %248 %250 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 3 store i64 %249, i64* %250, align 8 %251 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %251) #69 %252 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 29 %253 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %254 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 %255 = load volatile i32, i32* %254, align 4 %256 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %253, i64 0, i32 1 %257 = load i32, i32* %256, align 8 %258 = shl nuw i32 1, %257 %259 = icmp sgt i32 %255, %258 br i1 %259, label %260, label %314 %261 = add i32 %257, 1 %262 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %263 = load %struct.neigh_statistics*, %struct.neigh_statistics** %262, align 8 %264 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %263, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %264, i64* %264) #6, !srcloc !22 %265 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %266 = tail call fastcc %struct.neigh_hash_table.653682* @neigh_hash_alloc(i32 %261) #69 %267 = icmp eq %struct.neigh_hash_table.653682* %266, null br i1 %267, label %314, label %268 %269 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 1 %270 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 0 %271 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %272 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 2, i64 0 %273 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 1 %274 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 0 br label %275 %276 = phi i32 [ 0, %268 ], [ %306, %305 ] %277 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %270, align 8 %278 = zext i32 %276 to i64 %279 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %277, i64 %278 %280 = load %struct.neighbour.653686*, %struct.neighbour.653686** %279, align 8 %281 = icmp eq %struct.neighbour.653686* %280, null br i1 %281, label %305, label %282 %283 = phi %struct.neighbour.653686* [ %293, %282 ], [ %280, %275 ] %284 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %271, align 8 %285 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 26, i64 0 %286 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 25 %287 = load %struct.net_device.653918*, %struct.net_device.653918** %286, align 8 %288 = tail call i32 %284(i8* %285, %struct.net_device.653918* %287, i32* %272) #69 %289 = load i32, i32* %273, align 8 %290 = sub i32 32, %289 %291 = lshr i32 %288, %290 %292 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 0 %293 = load %struct.neighbour.653686*, %struct.neighbour.653686** %292, align 8 %294 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %295 = zext i32 %291 to i64 %296 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %294, i64 %295 %297 = bitcast %struct.neighbour.653686** %296 to i64* %298 = load i64, i64* %297, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %299 = bitcast %struct.neighbour.653686* %283 to i64* store volatile i64 %298, i64* %299, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %300 = ptrtoint %struct.neighbour.653686* %283 to i64 %301 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %302 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %301, i64 %295 %303 = bitcast %struct.neighbour.653686** %302 to i64* store volatile i64 %300, i64* %303, align 8 %304 = icmp eq %struct.neighbour.653686* %293, null br i1 %304, label %305, label %282 %306 = add i32 %276, 1 %307 = load i32, i32* %269, align 8 %308 = lshr i32 %306, %307 %309 = icmp eq i32 %308, 0 br i1 %309, label %275, label %310 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %311 = ptrtoint %struct.neigh_hash_table.653682* %266 to i64 %312 = bitcast %struct.neigh_hash_table.653682** %252 to i64* store volatile i64 %311, i64* %312, align 8 %313 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %313, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %314 %315 = phi %struct.neigh_hash_table.653682* [ %253, %242 ], [ %266, %310 ], [ %265, %260 ] %316 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %317 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %316, align 8 %318 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 2, i64 0 %319 = tail call i32 %317(i8* %199, %struct.net_device.653918* %2, i32* %318) #69 %320 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %321 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %320, i64 0, i32 6 %322 = load i32, i32* %321, align 8 %323 = icmp eq i32 %322, 0 br i1 %323, label %324, label %397 %325 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 1 %326 = load i32, i32* %325, align 8 %327 = sub i32 32, %326 %328 = lshr i32 %319, %327 %329 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 0 %330 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %329, align 8 %331 = zext i32 %328 to i64 %332 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %330, i64 %331 %333 = load %struct.neighbour.653686*, %struct.neighbour.653686** %332, align 8 %334 = icmp eq %struct.neighbour.653686* %333, null br i1 %334, label %360, label %335 %336 = phi %struct.neighbour.653686* [ %358, %356 ], [ %333, %324 ] %337 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 25 %338 = load %struct.net_device.653918*, %struct.net_device.653918** %337, align 8 %339 = icmp eq %struct.net_device.653918* %338, %2 br i1 %339, label %340, label %356 %341 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 26, i64 0 %342 = tail call i32 @bcmp(i8* %341, i8* %199, i64 %200) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 __ip_do_redirect 3 ip_do_redirect ------------- Path:  Function:ip_do_redirect %4 = alloca %struct.flowi4, align 8 %5 = bitcast %struct.flowi4* %4 to i8* %6 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 41 %7 = bitcast i8** %6 to %struct.iphdr** %8 = load %struct.iphdr*, %struct.iphdr** %7, align 8 %9 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %10 = load %struct.net_device.707029*, %struct.net_device.707029** %9, align 8 %11 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %10, i64 0, i32 22 %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 1 %14 = load i8, i8* %13, align 1 %15 = and i8 %14, 30 %16 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 6 %17 = load i8, i8* %16, align 1 %18 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 28, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp eq %struct.sock.706927* %1, null br i1 %20, label %50, label %21 %51 = phi i32 [ %24, %46 ], [ %12, %3 ] %52 = phi i8 [ %35, %46 ], [ %15, %3 ] %53 = phi i8 [ %47, %46 ], [ %17, %3 ] %54 = phi i32 [ %26, %46 ], [ %19, %3 ] %55 = phi i32 [ %49, %46 ], [ 0, %3 ] %56 = bitcast %struct.dst_entry.706562* %0 to %struct.rtable.706564* %57 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 9 %58 = load i32, i32* %57, align 4 %59 = getelementptr inbounds %struct.iphdr, %struct.iphdr* %8, i64 0, i32 8 %60 = load i32, i32* %59, align 4 %61 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 0 store i32 %51, i32* %61, align 8 %62 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 1 store i32 1, i32* %62, align 4 %63 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 2 store i32 %54, i32* %63, align 8 %64 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 3 store i8 %52, i8* %64, align 4 %65 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 4 store i8 0, i8* %65, align 1 %66 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 5 store i8 %53, i8* %66, align 2 %67 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 6 store i8 0, i8* %67, align 1 %68 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 7 store i32 0, i32* %68, align 8 %69 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 9, i32 0 store i64 0, i64* %69, align 8 %70 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 8, i32 0 store i32 %55, i32* %70, align 4 %71 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 2 store i32 %58, i32* %71, align 4 %72 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 1 store i32 %60, i32* %72, align 8 %73 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 3 %74 = bitcast %struct.kuid_t* %73 to %struct.nlattr* %75 = bitcast %struct.kuid_t* %73 to i16* store i16 0, i16* %75, align 8 %76 = getelementptr inbounds %struct.nlattr, %struct.nlattr* %74, i64 0, i32 1 store i16 0, i16* %76, align 2 %77 = getelementptr inbounds %struct.flowi4, %struct.flowi4* %4, i64 0, i32 0, i32 10 store i32 0, i32* %77, align 8 call fastcc void @__ip_do_redirect(%struct.rtable.706564* %56, %struct.sk_buff.706937* %2, %struct.flowi4* nonnull %4, i1 zeroext true) #69 Function:__ip_do_redirect %5 = alloca i32, align 4 %6 = alloca i32, align 4 %7 = alloca %struct.fib_result.707040, align 8 %8 = alloca i32, align 4 %9 = alloca i32, align 4 %10 = bitcast i32* %5 to i8* %11 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 34 %14 = load i16, i16* %13, align 2 %15 = zext i16 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds i8, i8* %16, i64 4 %18 = bitcast i8* %17 to i32* %19 = load i32, i32* %18, align 4 store i32 %19, i32* %5, align 4 %20 = bitcast i32* %6 to i8* %21 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 35 %22 = load i16, i16* %21, align 4 %23 = zext i16 %22 to i64 %24 = getelementptr i8, i8* %12, i64 %23 %25 = getelementptr inbounds i8, i8* %24, i64 12 %26 = bitcast i8* %25 to i32* %27 = load i32, i32* %26, align 4 store i32 %27, i32* %6, align 4 %28 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %1, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.707029*, %struct.net_device.707029** %28, align 8 %30 = bitcast %struct.fib_result.707040* %7 to i8* %31 = getelementptr inbounds i8, i8* %16, i64 1 %32 = load i8, i8* %31, align 1 %33 = and i8 %32, 4 %34 = icmp eq i8 %33, 0 br i1 %34, label %35, label %298 %36 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 7 %37 = load i8, i8* %36, align 8 %38 = icmp eq i8 %37, 2 br i1 %38, label %39, label %298 %40 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 8, i32 0, i32 0, i32 0, i64 0 %41 = load i32, i32* %40, align 4 %42 = icmp eq i32 %41, %27 br i1 %42, label %43, label %298 %44 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %29, i64 0, i32 67 %45 = bitcast %struct.in_device.706989** %44 to i64* %46 = load volatile i64, i64* %45, align 8 %47 = inttoptr i64 %46 to %struct.in_device.706989* %48 = icmp eq i64 %46, 0 br i1 %48, label %298, label %49 %50 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %29, i64 0, i32 107, i32 0 %51 = load %struct.net.706629*, %struct.net.706629** %50, align 8 %52 = icmp eq i32 %19, %27 br i1 %52, label %268, label %53 %54 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 0 %55 = load i32, i32* %54, align 4 %56 = icmp eq i32 %55, 0 %57 = getelementptr inbounds %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 0 %58 = load %struct.net_device.707029*, %struct.net_device.707029** %57, align 8 %59 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %58, i64 0, i32 107, i32 0 %60 = load %struct.net.706629*, %struct.net.706629** %59, align 8 %61 = getelementptr inbounds %struct.net.706629, %struct.net.706629* %60, i64 0, i32 34, i32 5 %62 = load %struct.ipv4_devconf*, %struct.ipv4_devconf** %61, align 8 %63 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %62, i64 0, i32 1, i64 3 %64 = load i32, i32* %63, align 4 %65 = icmp eq i32 %64, 0 br i1 %56, label %71, label %66 br i1 %65, label %268, label %67 %68 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 3 %69 = load i32, i32* %68, align 4 %70 = icmp eq i32 %69, 0 br i1 %70, label %268, label %76 %77 = and i32 %19, 240 %78 = icmp eq i32 %77, 224 %79 = add i32 %19, 1 %80 = icmp ult i32 %79, 2 %81 = or i1 %80, %78 br i1 %81, label %268, label %82 %83 = getelementptr %struct.ipv4_devconf, %struct.ipv4_devconf* %62, i64 0, i32 1, i64 6 %84 = load i32, i32* %83, align 8 %85 = icmp eq i32 %84, 0 br i1 %85, label %86, label %109 %87 = getelementptr %struct.in_device.706989, %struct.in_device.706989* %47, i64 0, i32 20, i32 1, i64 6 %88 = load i32, i32* %87, align 4 %89 = icmp eq i32 %88, 0 br i1 %89, label %90, label %109 %110 = tail call i32 bitcast (i32 (%struct.net.659201*, i32)* @inet_addr_type to i32 (%struct.net.706629*, i32)*)(%struct.net.706629* %51, i32 %19) #69 %111 = icmp eq i32 %110, 1 br i1 %111, label %112, label %268 %113 = getelementptr inbounds %struct.rtable.706564, %struct.rtable.706564* %0, i64 0, i32 0, i32 0 %114 = load %struct.net_device.707029*, %struct.net_device.707029** %113, align 8 tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %115 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %114, i64 0, i32 34 %116 = load i32, i32* %115, align 8 %117 = and i32 %116, 24 %118 = icmp eq i32 %117, 0 %119 = select i1 %118, i32 %19, i32 0 %120 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.706530** getelementptr inbounds (%struct.neigh_table.706531, %struct.neigh_table.706531* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.728523*, i32*)*, i1 (%struct.neighbour.728045*, i8*)*, i32 (%struct.neighbour.728045*)*, i32 (%struct.pneigh_entry.728032*)*, void (%struct.pneigh_entry.728032*)*, void (%struct.sk_buff.728431*)*, i32 (i8*)*, i1 (%struct.net_device.728523*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.728033, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.728036, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.728041*, %struct.pneigh_entry.728032** }* @arp_tbl to %struct.neigh_table.706531*), i64 0, i32 29) to i64*), align 8 %121 = inttoptr i64 %120 to %struct.neigh_hash_table.706530* %122 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 2, i64 0 %123 = ptrtoint %struct.net_device.707029* %114 to i64 %124 = lshr i64 %123, 32 %125 = xor i64 %124, %123 %126 = trunc i64 %125 to i32 %127 = xor i32 %119, %126 %128 = load i32, i32* %122, align 4 %129 = mul i32 %127, %128 %130 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 1 %131 = load i32, i32* %130, align 8 %132 = sub i32 32, %131 %133 = lshr i32 %129, %132 %134 = getelementptr inbounds %struct.neigh_hash_table.706530, %struct.neigh_hash_table.706530* %121, i64 0, i32 0 %135 = load %struct.neighbour.706534**, %struct.neighbour.706534*** %134, align 8 %136 = zext i32 %133 to i64 %137 = getelementptr %struct.neighbour.706534*, %struct.neighbour.706534** %135, i64 %136 %138 = bitcast %struct.neighbour.706534** %137 to i64* %139 = load volatile i64, i64* %138, align 8 %140 = inttoptr i64 %139 to %struct.neighbour.706534* %141 = icmp eq i64 %139, 0 br i1 %141, label %158, label %142 %143 = phi %struct.neighbour.706534* [ %156, %153 ], [ %140, %112 ] %144 = phi i64 [ %155, %153 ], [ %139, %112 ] %145 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %143, i64 0, i32 25 %146 = load %struct.net_device.707029*, %struct.net_device.707029** %145, align 8 %147 = icmp eq %struct.net_device.707029* %146, %114 br i1 %147, label %148, label %153 %149 = getelementptr inbounds %struct.neighbour.706534, %struct.neighbour.706534* %143, i64 0, i32 26, i64 0 %150 = bitcast i8* %149 to i32* %151 = load i32, i32* %150, align 8 %152 = icmp eq i32 %151, %119 br i1 %152, label %158, label %153 %154 = inttoptr i64 %144 to i64* %155 = load volatile i64, i64* %154, align 8 %156 = inttoptr i64 %155 to %struct.neighbour.706534* %157 = icmp eq i64 %155, 0 br i1 %157, label %184, label %142 tail call fastcc void @local_bh_enable.60299() #69 %185 = load %struct.net_device.707029*, %struct.net_device.707029** %113, align 8 %186 = call %struct.neighbour.706534* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*, i1)* @__neigh_create to %struct.neighbour.706534* (%struct.neigh_table.706531*, i8*, %struct.net_device.707029*, i1)*)(%struct.neigh_table.706531* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.728523*, i32*)*, i1 (%struct.neighbour.728045*, i8*)*, i32 (%struct.neighbour.728045*)*, i32 (%struct.pneigh_entry.728032*)*, void (%struct.pneigh_entry.728032*)*, void (%struct.sk_buff.728431*)*, i32 (i8*)*, i1 (%struct.net_device.728523*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.728033, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.728036, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.728041*, %struct.pneigh_entry.728032** }* @arp_tbl to %struct.neigh_table.706531*), i8* nonnull %10, %struct.net_device.707029* %185, i1 zeroext true) #69 Function:__neigh_create %5 = tail call fastcc %struct.neighbour.653686* @___neigh_create(%struct.neigh_table.653683* %0, i8* %1, %struct.net_device.653918* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #69 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 55 %105 = load i16, i16* %104, align 2 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #69 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour.653686* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = bitcast i8* %123 to i32* store i32 0, i32* %124, align 4 %125 = getelementptr inbounds i8, i8* %109, i64 144 %126 = bitcast i8* %125 to i32* store i32 0, i32* %126, align 8 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** store i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)* @neigh_blackhole, i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = bitcast i8* %135 to i32* store i32 0, i32* %136, align 4 %137 = getelementptr inbounds i8, i8* %109, i64 192 %138 = bitcast i8* %137 to i32* store i32 0, i32* %138, align 8 %139 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %union.anon.21, %union.anon.21* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%union.anon.21* %140, i32 %149) #69 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms.653818** store %struct.neigh_parms.653818* %139, %struct.neigh_parms.653818** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %155 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table.653683** store %struct.neigh_table.653683* %0, %struct.neigh_table.653683** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = ptrtoint i8* %163 to i64 %165 = bitcast i8* %163 to i64* store volatile i64 %164, i64* %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour.653686* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@___neigh_create, %174)) #6 to label %196 [label %174], !srcloc !16 %197 = icmp eq %struct.neighbour.653686* %173, null br i1 %197, label %395, label %198 %199 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 26, i64 0 %200 = zext i32 %8 to i64 %201 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 25 store %struct.net_device.653918* %2, %struct.net_device.653918** %201, align 8 %202 = icmp eq %struct.net_device.653918* %2, null br i1 %202, label %206, label %203 %207 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 6 %208 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %207, align 8 %209 = icmp eq i32 (%struct.neighbour.653686*)* %208, null br i1 %209, label %216, label %210 %217 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 30 %218 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %217, align 8 %219 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %218, i64 0, i32 43 %220 = load i32 (%struct.net_device.653918*, %struct.neighbour.653686*)*, i32 (%struct.net_device.653918*, %struct.neighbour.653686*)** %219, align 8 %221 = icmp eq i32 (%struct.net_device.653918*, %struct.neighbour.653686*)* %220, null br i1 %221, label %228, label %222 %229 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 2 %230 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %231 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %230, i64 0, i32 3 %232 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %231, align 8 %233 = icmp eq i32 (%struct.neighbour.653686*)* %232, null br i1 %233, label %242, label %234 %235 = tail call i32 %232(%struct.neighbour.653686* nonnull %173) #69 %236 = icmp slt i32 %235, 0 br i1 %236, label %239, label %237 %238 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 br label %242 %243 = phi %struct.neigh_parms.653818* [ %238, %237 ], [ %230, %228 ] %244 = load volatile i64, i64* @jiffies, align 64 %245 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %243, i64 0, i32 10, i64 5 %246 = load i32, i32* %245, align 4 %247 = shl i32 %246, 1 %248 = sext i32 %247 to i64 %249 = sub i64 %244, %248 %250 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 3 store i64 %249, i64* %250, align 8 %251 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %251) #69 %252 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 29 %253 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %254 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 %255 = load volatile i32, i32* %254, align 4 %256 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %253, i64 0, i32 1 %257 = load i32, i32* %256, align 8 %258 = shl nuw i32 1, %257 %259 = icmp sgt i32 %255, %258 br i1 %259, label %260, label %314 %261 = add i32 %257, 1 %262 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %263 = load %struct.neigh_statistics*, %struct.neigh_statistics** %262, align 8 %264 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %263, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %264, i64* %264) #6, !srcloc !22 %265 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %266 = tail call fastcc %struct.neigh_hash_table.653682* @neigh_hash_alloc(i32 %261) #69 %267 = icmp eq %struct.neigh_hash_table.653682* %266, null br i1 %267, label %314, label %268 %269 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 1 %270 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 0 %271 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %272 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 2, i64 0 %273 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 1 %274 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 0 br label %275 %276 = phi i32 [ 0, %268 ], [ %306, %305 ] %277 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %270, align 8 %278 = zext i32 %276 to i64 %279 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %277, i64 %278 %280 = load %struct.neighbour.653686*, %struct.neighbour.653686** %279, align 8 %281 = icmp eq %struct.neighbour.653686* %280, null br i1 %281, label %305, label %282 %283 = phi %struct.neighbour.653686* [ %293, %282 ], [ %280, %275 ] %284 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %271, align 8 %285 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 26, i64 0 %286 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 25 %287 = load %struct.net_device.653918*, %struct.net_device.653918** %286, align 8 %288 = tail call i32 %284(i8* %285, %struct.net_device.653918* %287, i32* %272) #69 %289 = load i32, i32* %273, align 8 %290 = sub i32 32, %289 %291 = lshr i32 %288, %290 %292 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 0 %293 = load %struct.neighbour.653686*, %struct.neighbour.653686** %292, align 8 %294 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %295 = zext i32 %291 to i64 %296 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %294, i64 %295 %297 = bitcast %struct.neighbour.653686** %296 to i64* %298 = load i64, i64* %297, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %299 = bitcast %struct.neighbour.653686* %283 to i64* store volatile i64 %298, i64* %299, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %300 = ptrtoint %struct.neighbour.653686* %283 to i64 %301 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %302 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %301, i64 %295 %303 = bitcast %struct.neighbour.653686** %302 to i64* store volatile i64 %300, i64* %303, align 8 %304 = icmp eq %struct.neighbour.653686* %293, null br i1 %304, label %305, label %282 %306 = add i32 %276, 1 %307 = load i32, i32* %269, align 8 %308 = lshr i32 %306, %307 %309 = icmp eq i32 %308, 0 br i1 %309, label %275, label %310 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %311 = ptrtoint %struct.neigh_hash_table.653682* %266 to i64 %312 = bitcast %struct.neigh_hash_table.653682** %252 to i64* store volatile i64 %311, i64* %312, align 8 %313 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %313, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %314 %315 = phi %struct.neigh_hash_table.653682* [ %253, %242 ], [ %266, %310 ], [ %265, %260 ] %316 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %317 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %316, align 8 %318 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 2, i64 0 %319 = tail call i32 %317(i8* %199, %struct.net_device.653918* %2, i32* %318) #69 %320 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %321 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %320, i64 0, i32 6 %322 = load i32, i32* %321, align 8 %323 = icmp eq i32 %322, 0 br i1 %323, label %324, label %397 %325 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 1 %326 = load i32, i32* %325, align 8 %327 = sub i32 32, %326 %328 = lshr i32 %319, %327 %329 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 0 %330 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %329, align 8 %331 = zext i32 %328 to i64 %332 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %330, i64 %331 %333 = load %struct.neighbour.653686*, %struct.neighbour.653686** %332, align 8 %334 = icmp eq %struct.neighbour.653686* %333, null br i1 %334, label %360, label %335 %336 = phi %struct.neighbour.653686* [ %358, %356 ], [ %333, %324 ] %337 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 25 %338 = load %struct.net_device.653918*, %struct.net_device.653918** %337, align 8 %339 = icmp eq %struct.net_device.653918* %338, %2 br i1 %339, label %340, label %356 %341 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 26, i64 0 %342 = tail call i32 @bcmp(i8* %341, i8* %199, i64 %200) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.769189, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.769189* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %199, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %199, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %58 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %57, i64 0, i32 68 %59 = bitcast %struct.inet6_dev.768708** %58 to i64* %60 = load volatile i64, i64* %59, align 8 %61 = inttoptr i64 %60 to %struct.inet6_dev.768708* %62 = icmp eq i64 %60, 0 br i1 %62, label %199, label %63 %64 = getelementptr inbounds %struct.inet6_dev.768708, %struct.inet6_dev.768708* %61, i64 0, i32 26, i32 0 %65 = load i32, i32* %64, align 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %199 %68 = getelementptr inbounds %struct.inet6_dev.768708, %struct.inet6_dev.768708* %61, i64 0, i32 26, i32 4 %69 = load i32, i32* %68, align 8 %70 = icmp eq i32 %69, 0 br i1 %70, label %199, label %71 %72 = getelementptr inbounds i8, i8* %20, i64 40 %73 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.771438*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.768790*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.768790* %57, i8* %72, i32 %25, %struct.ndisc_options* nonnull %6) #69 %74 = icmp eq %struct.ndisc_options* %73, null br i1 %74, label %199, label %75 %76 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %77 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %76, align 8 %78 = icmp eq %struct.nd_opt_hdr* %77, null br i1 %78, label %101, label %79 %80 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %81 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %80, i64 0, i32 52 %82 = load i8, i8* %81, align 1 %83 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %80, i64 0, i32 45 %84 = load i16, i16* %83, align 4 %85 = icmp eq i16 %84, 32 %86 = select i1 %85, i32 2, i32 0 %87 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %77, i64 0, i32 1 %88 = load i8, i8* %87, align 1 %89 = zext i8 %88 to i32 %90 = shl nuw nsw i32 %89, 3 %91 = zext i8 %82 to i32 %92 = or i32 %86, 9 %93 = add nuw nsw i32 %92, %91 %94 = and i32 %93, 504 %95 = icmp ne i32 %90, %94 %96 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %77, i64 1, i32 0 %97 = zext i32 %86 to i64 %98 = getelementptr i8, i8* %96, i64 %97 %99 = icmp eq i8* %98, null %100 = or i1 %99, %95 br i1 %100, label %199, label %101 %102 = phi i8* [ %98, %79 ], [ null, %75 ] %103 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %104 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %105 = bitcast %struct.lwtunnel_state.768659** %104 to i32* %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 512 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %199 %110 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %111 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %110, align 8 %112 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %111, i64 0, i32 15 %113 = load void (%struct.dst_entry.768684*, i8*)*, void (%struct.dst_entry.768684*, i8*)** %112, align 16 %114 = icmp eq void (%struct.dst_entry.768684*, i8*)* %113, null br i1 %114, label %122, label %115 %123 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %124 = call %struct.neighbour.768606* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*)* @neigh_lookup to %struct.neighbour.768606* (%struct.neigh_table.768602*, i8*, %struct.net_device.768790*)*)(%struct.neigh_table.768602* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i8* %35, %struct.net_device.768790* %123) #69 %125 = icmp eq %struct.neighbour.768606* %124, null br i1 %125, label %126, label %131 %127 = call %struct.neighbour.768606* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*, i1)* @__neigh_create to %struct.neighbour.768606* (%struct.neigh_table.768602*, i8*, %struct.net_device.768790*, i1)*)(%struct.neigh_table.768602* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i8* %35, %struct.net_device.768790* %123, i1 zeroext true) #69 Function:__neigh_create %5 = tail call fastcc %struct.neighbour.653686* @___neigh_create(%struct.neigh_table.653683* %0, i8* %1, %struct.net_device.653918* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #69 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 55 %105 = load i16, i16* %104, align 2 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #69 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour.653686* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = bitcast i8* %123 to i32* store i32 0, i32* %124, align 4 %125 = getelementptr inbounds i8, i8* %109, i64 144 %126 = bitcast i8* %125 to i32* store i32 0, i32* %126, align 8 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** store i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)* @neigh_blackhole, i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = bitcast i8* %135 to i32* store i32 0, i32* %136, align 4 %137 = getelementptr inbounds i8, i8* %109, i64 192 %138 = bitcast i8* %137 to i32* store i32 0, i32* %138, align 8 %139 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %union.anon.21, %union.anon.21* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%union.anon.21* %140, i32 %149) #69 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms.653818** store %struct.neigh_parms.653818* %139, %struct.neigh_parms.653818** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %155 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table.653683** store %struct.neigh_table.653683* %0, %struct.neigh_table.653683** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = ptrtoint i8* %163 to i64 %165 = bitcast i8* %163 to i64* store volatile i64 %164, i64* %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour.653686* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@___neigh_create, %174)) #6 to label %196 [label %174], !srcloc !16 %197 = icmp eq %struct.neighbour.653686* %173, null br i1 %197, label %395, label %198 %199 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 26, i64 0 %200 = zext i32 %8 to i64 %201 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 25 store %struct.net_device.653918* %2, %struct.net_device.653918** %201, align 8 %202 = icmp eq %struct.net_device.653918* %2, null br i1 %202, label %206, label %203 %207 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 6 %208 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %207, align 8 %209 = icmp eq i32 (%struct.neighbour.653686*)* %208, null br i1 %209, label %216, label %210 %217 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 30 %218 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %217, align 8 %219 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %218, i64 0, i32 43 %220 = load i32 (%struct.net_device.653918*, %struct.neighbour.653686*)*, i32 (%struct.net_device.653918*, %struct.neighbour.653686*)** %219, align 8 %221 = icmp eq i32 (%struct.net_device.653918*, %struct.neighbour.653686*)* %220, null br i1 %221, label %228, label %222 %229 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 2 %230 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %231 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %230, i64 0, i32 3 %232 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %231, align 8 %233 = icmp eq i32 (%struct.neighbour.653686*)* %232, null br i1 %233, label %242, label %234 %235 = tail call i32 %232(%struct.neighbour.653686* nonnull %173) #69 %236 = icmp slt i32 %235, 0 br i1 %236, label %239, label %237 %238 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 br label %242 %243 = phi %struct.neigh_parms.653818* [ %238, %237 ], [ %230, %228 ] %244 = load volatile i64, i64* @jiffies, align 64 %245 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %243, i64 0, i32 10, i64 5 %246 = load i32, i32* %245, align 4 %247 = shl i32 %246, 1 %248 = sext i32 %247 to i64 %249 = sub i64 %244, %248 %250 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 3 store i64 %249, i64* %250, align 8 %251 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %251) #69 %252 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 29 %253 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %254 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 %255 = load volatile i32, i32* %254, align 4 %256 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %253, i64 0, i32 1 %257 = load i32, i32* %256, align 8 %258 = shl nuw i32 1, %257 %259 = icmp sgt i32 %255, %258 br i1 %259, label %260, label %314 %261 = add i32 %257, 1 %262 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %263 = load %struct.neigh_statistics*, %struct.neigh_statistics** %262, align 8 %264 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %263, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %264, i64* %264) #6, !srcloc !22 %265 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %266 = tail call fastcc %struct.neigh_hash_table.653682* @neigh_hash_alloc(i32 %261) #69 %267 = icmp eq %struct.neigh_hash_table.653682* %266, null br i1 %267, label %314, label %268 %269 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 1 %270 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 0 %271 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %272 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 2, i64 0 %273 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 1 %274 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 0 br label %275 %276 = phi i32 [ 0, %268 ], [ %306, %305 ] %277 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %270, align 8 %278 = zext i32 %276 to i64 %279 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %277, i64 %278 %280 = load %struct.neighbour.653686*, %struct.neighbour.653686** %279, align 8 %281 = icmp eq %struct.neighbour.653686* %280, null br i1 %281, label %305, label %282 %283 = phi %struct.neighbour.653686* [ %293, %282 ], [ %280, %275 ] %284 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %271, align 8 %285 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 26, i64 0 %286 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 25 %287 = load %struct.net_device.653918*, %struct.net_device.653918** %286, align 8 %288 = tail call i32 %284(i8* %285, %struct.net_device.653918* %287, i32* %272) #69 %289 = load i32, i32* %273, align 8 %290 = sub i32 32, %289 %291 = lshr i32 %288, %290 %292 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 0 %293 = load %struct.neighbour.653686*, %struct.neighbour.653686** %292, align 8 %294 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %295 = zext i32 %291 to i64 %296 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %294, i64 %295 %297 = bitcast %struct.neighbour.653686** %296 to i64* %298 = load i64, i64* %297, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %299 = bitcast %struct.neighbour.653686* %283 to i64* store volatile i64 %298, i64* %299, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %300 = ptrtoint %struct.neighbour.653686* %283 to i64 %301 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %302 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %301, i64 %295 %303 = bitcast %struct.neighbour.653686** %302 to i64* store volatile i64 %300, i64* %303, align 8 %304 = icmp eq %struct.neighbour.653686* %293, null br i1 %304, label %305, label %282 %306 = add i32 %276, 1 %307 = load i32, i32* %269, align 8 %308 = lshr i32 %306, %307 %309 = icmp eq i32 %308, 0 br i1 %309, label %275, label %310 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %311 = ptrtoint %struct.neigh_hash_table.653682* %266 to i64 %312 = bitcast %struct.neigh_hash_table.653682** %252 to i64* store volatile i64 %311, i64* %312, align 8 %313 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %313, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %314 %315 = phi %struct.neigh_hash_table.653682* [ %253, %242 ], [ %266, %310 ], [ %265, %260 ] %316 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %317 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %316, align 8 %318 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 2, i64 0 %319 = tail call i32 %317(i8* %199, %struct.net_device.653918* %2, i32* %318) #69 %320 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %321 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %320, i64 0, i32 6 %322 = load i32, i32* %321, align 8 %323 = icmp eq i32 %322, 0 br i1 %323, label %324, label %397 %325 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 1 %326 = load i32, i32* %325, align 8 %327 = sub i32 32, %326 %328 = lshr i32 %319, %327 %329 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 0 %330 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %329, align 8 %331 = zext i32 %328 to i64 %332 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %330, i64 %331 %333 = load %struct.neighbour.653686*, %struct.neighbour.653686** %332, align 8 %334 = icmp eq %struct.neighbour.653686* %333, null br i1 %334, label %360, label %335 %336 = phi %struct.neighbour.653686* [ %358, %356 ], [ %333, %324 ] %337 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 25 %338 = load %struct.net_device.653918*, %struct.net_device.653918** %337, align 8 %339 = icmp eq %struct.net_device.653918* %338, %2 br i1 %339, label %340, label %356 %341 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 26, i64 0 %342 = tail call i32 @bcmp(i8* %341, i8* %199, i64 %200) ------------- Use: =BAD PATH= Call Stack: 0 ___neigh_create 1 __neigh_create 2 ip6_neigh_lookup 3 ip6_dst_neigh_lookup ------------- Path:  Function:ip6_dst_neigh_lookup %4 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %5 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %6 = bitcast %struct.lwtunnel_state.768659** %5 to i32* %7 = load i32, i32* %6, align 8 %8 = and i32 %7, 2 %9 = icmp eq i32 %8, 0 %10 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %4, i64 0, i32 5 %11 = and i32 %7, 16777216 %12 = icmp eq i32 %11, 0 %13 = getelementptr inbounds %struct.rt6_info.768697, %struct.rt6_info.768697* %4, i64 0, i32 3, i32 0 %14 = select i1 %12, %struct.in6_addr* bitcast ({ { [16 x i8] } }* @in6addr_any to %struct.in6_addr*), %struct.in6_addr* %13 %15 = select i1 %9, %struct.in6_addr* %14, %struct.in6_addr* %10 %16 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 0 %17 = load %struct.net_device.768790*, %struct.net_device.768790** %16, align 8 %18 = tail call %struct.neighbour.768606* @ip6_neigh_lookup(%struct.in6_addr* %15, %struct.net_device.768790* %17, %struct.sk_buff.768802* %1, i8* %2) #69 Function:ip6_neigh_lookup %5 = bitcast %struct.in6_addr* %0 to i64* %6 = load i64, i64* %5, align 8 %7 = getelementptr %struct.in6_addr, %struct.in6_addr* %0, i64 0, i32 0, i32 0, i64 2 %8 = bitcast i32* %7 to i64* %9 = load i64, i64* %8, align 8 %10 = or i64 %9, %6 %11 = icmp eq i64 %10, 0 br i1 %11, label %14, label %12 %13 = bitcast %struct.in6_addr* %0 to i8* br label %24 %25 = phi i8* [ %23, %16 ], [ %13, %12 ], [ %3, %14 ] tail call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = load volatile i64, i64* bitcast (%struct.neigh_hash_table.768601** getelementptr inbounds (%struct.neigh_table.768602, %struct.neigh_table.768602* bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i64 0, i32 29) to i64*), align 8 %27 = inttoptr i64 %26 to %struct.neigh_hash_table.768601* %28 = getelementptr inbounds %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 2, i64 0 %29 = bitcast i8* %25 to i32* %30 = load i32, i32* %29, align 4 %31 = ptrtoint %struct.net_device.768790* %1 to i64 %32 = lshr i64 %31, 32 %33 = xor i64 %32, %31 %34 = trunc i64 %33 to i32 %35 = xor i32 %30, %34 %36 = load i32, i32* %28, align 4 %37 = mul i32 %35, %36 %38 = getelementptr i8, i8* %25, i64 4 %39 = bitcast i8* %38 to i32* %40 = load i32, i32* %39, align 4 %41 = getelementptr %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 2, i64 1 %42 = load i32, i32* %41, align 4 %43 = mul i32 %42, %40 %44 = add i32 %43, %37 %45 = getelementptr i8, i8* %25, i64 8 %46 = bitcast i8* %45 to i32* %47 = load i32, i32* %46, align 4 %48 = getelementptr %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 2, i64 2 %49 = load i32, i32* %48, align 4 %50 = mul i32 %49, %47 %51 = add i32 %44, %50 %52 = getelementptr i8, i8* %25, i64 12 %53 = bitcast i8* %52 to i32* %54 = load i32, i32* %53, align 4 %55 = getelementptr %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 2, i64 3 %56 = load i32, i32* %55, align 4 %57 = mul i32 %56, %54 %58 = add i32 %51, %57 %59 = getelementptr inbounds %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 1 %60 = load i32, i32* %59, align 8 %61 = sub i32 32, %60 %62 = lshr i32 %58, %61 %63 = getelementptr inbounds %struct.neigh_hash_table.768601, %struct.neigh_hash_table.768601* %27, i64 0, i32 0 %64 = load %struct.neighbour.768606**, %struct.neighbour.768606*** %63, align 8 %65 = zext i32 %62 to i64 %66 = getelementptr %struct.neighbour.768606*, %struct.neighbour.768606** %64, i64 %65 %67 = bitcast %struct.neighbour.768606** %66 to i64* %68 = load volatile i64, i64* %67, align 8 %69 = inttoptr i64 %68 to %struct.neighbour.768606* %70 = icmp eq i64 %68, 0 br i1 %70, label %103, label %71 %72 = phi %struct.neighbour.768606* [ %101, %98 ], [ %69, %24 ] %73 = phi i64 [ %100, %98 ], [ %68, %24 ] %74 = getelementptr inbounds %struct.neighbour.768606, %struct.neighbour.768606* %72, i64 0, i32 25 %75 = load %struct.net_device.768790*, %struct.net_device.768790** %74, align 8 %76 = icmp eq %struct.net_device.768790* %75, %1 br i1 %76, label %77, label %98 %78 = getelementptr inbounds %struct.neighbour.768606, %struct.neighbour.768606* %72, i64 0, i32 26, i64 0 %79 = bitcast i8* %78 to i32* %80 = load i32, i32* %79, align 4 %81 = xor i32 %80, %30 %82 = getelementptr %struct.neighbour.768606, %struct.neighbour.768606* %72, i64 0, i32 26, i64 4 %83 = bitcast i8* %82 to i32* %84 = load i32, i32* %83, align 4 %85 = xor i32 %84, %40 %86 = or i32 %85, %81 %87 = getelementptr %struct.neighbour.768606, %struct.neighbour.768606* %72, i64 0, i32 26, i64 8 %88 = bitcast i8* %87 to i32* %89 = load i32, i32* %88, align 4 %90 = xor i32 %89, %47 %91 = or i32 %86, %90 %92 = getelementptr %struct.neighbour.768606, %struct.neighbour.768606* %72, i64 0, i32 26, i64 12 %93 = bitcast i8* %92 to i32* %94 = load i32, i32* %93, align 4 %95 = xor i32 %94, %54 %96 = or i32 %91, %95 %97 = icmp eq i32 %96, 0 br i1 %97, label %103, label %98 %99 = inttoptr i64 %73 to i64* %100 = load volatile i64, i64* %99, align 8 %101 = inttoptr i64 %100 to %struct.neighbour.768606* %102 = icmp eq i64 %100, 0 br i1 %102, label %129, label %71 tail call fastcc void @local_bh_enable.62187() #69 %130 = tail call %struct.neighbour.768606* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*, i1)* @__neigh_create to %struct.neighbour.768606* (%struct.neigh_table.768602*, i8*, %struct.net_device.768790*, i1)*)(%struct.neigh_table.768602* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i8* %25, %struct.net_device.768790* %1, i1 zeroext true) #69 Function:__neigh_create %5 = tail call fastcc %struct.neighbour.653686* @___neigh_create(%struct.neigh_table.653683* %0, i8* %1, %struct.net_device.653918* %2, i8 zeroext 0, i1 zeroext false, i1 zeroext %3) #69 Function:___neigh_create %7 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 2 %8 = load i32, i32* %7, align 8 %9 = load volatile i64, i64* @jiffies, align 64 br i1 %4, label %101, label %10 %102 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 1 %103 = load i32, i32* %102, align 4 %104 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 55 %105 = load i16, i16* %104, align 2 %106 = zext i16 %105 to i32 %107 = add i32 %103, %106 %108 = zext i32 %107 to i64 %109 = tail call noalias align 8 i8* @__kmalloc(i64 %108, i32 2848) #69 %110 = icmp eq i8* %109, null br i1 %110, label %169, label %111 %112 = bitcast i8* %109 to %struct.neighbour.653686* %113 = getelementptr inbounds i8, i8* %109, i64 56 %114 = bitcast i8* %113 to i8** store i8* %113, i8** %114, align 8 %115 = getelementptr inbounds i8, i8* %109, i64 64 %116 = bitcast i8* %115 to i8** store i8* %113, i8** %116, align 8 %117 = getelementptr inbounds i8, i8* %109, i64 72 %118 = bitcast i8* %117 to i32* store i32 0, i32* %118, align 8 %119 = getelementptr inbounds i8, i8* %109, i64 40 %120 = bitcast i8* %119 to i32* store i32 0, i32* %120, align 8 %121 = getelementptr inbounds i8, i8* %109, i64 44 %122 = bitcast i8* %121 to i32* store i32 0, i32* %122, align 4 %123 = getelementptr inbounds i8, i8* %109, i64 140 %124 = bitcast i8* %123 to i32* store i32 0, i32* %124, align 4 %125 = getelementptr inbounds i8, i8* %109, i64 144 %126 = bitcast i8* %125 to i32* store i32 0, i32* %126, align 8 %127 = getelementptr inbounds i8, i8* %109, i64 120 %128 = bitcast i8* %127 to i64* store i64 %9, i64* %128, align 8 %129 = getelementptr inbounds i8, i8* %109, i64 32 %130 = bitcast i8* %129 to i64* store i64 %9, i64* %130, align 8 %131 = getelementptr inbounds i8, i8* %109, i64 133 store i8 0, i8* %131, align 1 %132 = getelementptr inbounds i8, i8* %109, i64 296 %133 = bitcast i8* %132 to i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** store i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)* @neigh_blackhole, i32 (%struct.neighbour.653686*, %struct.sk_buff.653931*)** %133, align 8 %134 = getelementptr inbounds i8, i8* %109, i64 132 store i8 %3, i8* %134, align 4 %135 = getelementptr inbounds i8, i8* %109, i64 188 %136 = bitcast i8* %135 to i32* store i32 0, i32* %136, align 4 %137 = getelementptr inbounds i8, i8* %109, i64 192 %138 = bitcast i8* %137 to i32* store i32 0, i32* %138, align 8 %139 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13 %140 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 13, i32 7 %141 = getelementptr inbounds %union.anon.21, %union.anon.21* %140, i64 0, i32 0, i32 0 %142 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %141, i32 1, i32* %141) #6, !srcloc !9 %143 = icmp eq i32 %142, 0 br i1 %143, label %148, label %144, !prof !10, !misexpect !11 %145 = add i32 %142, 1 %146 = or i32 %145, %142 %147 = icmp sgt i32 %146, -1 br i1 %147, label %150, label %148, !prof !12, !misexpect !11 %149 = phi i32 [ 2, %111 ], [ 1, %144 ] tail call void @refcount_warn_saturate(%union.anon.21* %140, i32 %149) #69 br label %150 %151 = getelementptr inbounds i8, i8* %109, i64 16 %152 = bitcast i8* %151 to %struct.neigh_parms.653818** store %struct.neigh_parms.653818* %139, %struct.neigh_parms.653818** %152, align 8 %153 = getelementptr inbounds i8, i8* %109, i64 80 %154 = bitcast i8* %153 to %struct.timer_list* tail call void @init_timer_key(%struct.timer_list* %154, void (%struct.timer_list*)* nonnull @neigh_timer_handler, i32 0, i8* null, %struct.lock_class_key* null) #69 %155 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %156 = load %struct.neigh_statistics*, %struct.neigh_statistics** %155, align 8 %157 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %156, i64 0, i32 0 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %157, i64* %157) #6, !srcloc !13 %158 = getelementptr inbounds i8, i8* %109, i64 8 %159 = bitcast i8* %158 to %struct.neigh_table.653683** store %struct.neigh_table.653683* %0, %struct.neigh_table.653683** %159, align 8 %160 = getelementptr inbounds i8, i8* %109, i64 48 %161 = bitcast i8* %160 to i32* store volatile i32 1, i32* %161, align 8 %162 = getelementptr inbounds i8, i8* %109, i64 135 store i8 1, i8* %162, align 1 %163 = getelementptr inbounds i8, i8* %109, i64 312 %164 = ptrtoint i8* %163 to i64 %165 = bitcast i8* %163 to i64* store volatile i64 %164, i64* %165, align 8 %166 = getelementptr inbounds i8, i8* %109, i64 320 %167 = bitcast i8* %166 to i8** store i8* %163, i8** %167, align 8 %168 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %168, i32* %168) #6, !srcloc !14 br label %172 %173 = phi %struct.neighbour.653686* [ %112, %150 ], [ null, %169 ], [ null, %170 ] callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_create to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@___neigh_create, %174)) #6 to label %196 [label %174], !srcloc !16 %197 = icmp eq %struct.neighbour.653686* %173, null br i1 %197, label %395, label %198 %199 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 26, i64 0 %200 = zext i32 %8 to i64 %201 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 25 store %struct.net_device.653918* %2, %struct.net_device.653918** %201, align 8 %202 = icmp eq %struct.net_device.653918* %2, null br i1 %202, label %206, label %203 %207 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 6 %208 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %207, align 8 %209 = icmp eq i32 (%struct.neighbour.653686*)* %208, null br i1 %209, label %216, label %210 %217 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %2, i64 0, i32 30 %218 = load %struct.net_device_ops.653845*, %struct.net_device_ops.653845** %217, align 8 %219 = getelementptr inbounds %struct.net_device_ops.653845, %struct.net_device_ops.653845* %218, i64 0, i32 43 %220 = load i32 (%struct.net_device.653918*, %struct.neighbour.653686*)*, i32 (%struct.net_device.653918*, %struct.neighbour.653686*)** %219, align 8 %221 = icmp eq i32 (%struct.net_device.653918*, %struct.neighbour.653686*)* %220, null br i1 %221, label %228, label %222 %229 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 2 %230 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %231 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %230, i64 0, i32 3 %232 = load i32 (%struct.neighbour.653686*)*, i32 (%struct.neighbour.653686*)** %231, align 8 %233 = icmp eq i32 (%struct.neighbour.653686*)* %232, null br i1 %233, label %242, label %234 %235 = tail call i32 %232(%struct.neighbour.653686* nonnull %173) #69 %236 = icmp slt i32 %235, 0 br i1 %236, label %239, label %237 %238 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 br label %242 %243 = phi %struct.neigh_parms.653818* [ %238, %237 ], [ %230, %228 ] %244 = load volatile i64, i64* @jiffies, align 64 %245 = getelementptr %struct.neigh_parms.653818, %struct.neigh_parms.653818* %243, i64 0, i32 10, i64 5 %246 = load i32, i32* %245, align 4 %247 = shl i32 %246, 1 %248 = sext i32 %247 to i64 %249 = sub i64 %244, %248 %250 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %173, i64 0, i32 3 store i64 %249, i64* %250, align 8 %251 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 26 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %251) #69 %252 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 29 %253 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %254 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 23, i32 0 %255 = load volatile i32, i32* %254, align 4 %256 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %253, i64 0, i32 1 %257 = load i32, i32* %256, align 8 %258 = shl nuw i32 1, %257 %259 = icmp sgt i32 %255, %258 br i1 %259, label %260, label %314 %261 = add i32 %257, 1 %262 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 28 %263 = load %struct.neigh_statistics*, %struct.neigh_statistics** %262, align 8 %264 = getelementptr inbounds %struct.neigh_statistics, %struct.neigh_statistics* %263, i64 0, i32 2 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %264, i64* %264) #6, !srcloc !22 %265 = load %struct.neigh_hash_table.653682*, %struct.neigh_hash_table.653682** %252, align 8 %266 = tail call fastcc %struct.neigh_hash_table.653682* @neigh_hash_alloc(i32 %261) #69 %267 = icmp eq %struct.neigh_hash_table.653682* %266, null br i1 %267, label %314, label %268 %269 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 1 %270 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 0 %271 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %272 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 2, i64 0 %273 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 1 %274 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %266, i64 0, i32 0 br label %275 %276 = phi i32 [ 0, %268 ], [ %306, %305 ] %277 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %270, align 8 %278 = zext i32 %276 to i64 %279 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %277, i64 %278 %280 = load %struct.neighbour.653686*, %struct.neighbour.653686** %279, align 8 %281 = icmp eq %struct.neighbour.653686* %280, null br i1 %281, label %305, label %282 %283 = phi %struct.neighbour.653686* [ %293, %282 ], [ %280, %275 ] %284 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %271, align 8 %285 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 26, i64 0 %286 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 25 %287 = load %struct.net_device.653918*, %struct.net_device.653918** %286, align 8 %288 = tail call i32 %284(i8* %285, %struct.net_device.653918* %287, i32* %272) #69 %289 = load i32, i32* %273, align 8 %290 = sub i32 32, %289 %291 = lshr i32 %288, %290 %292 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %283, i64 0, i32 0 %293 = load %struct.neighbour.653686*, %struct.neighbour.653686** %292, align 8 %294 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %295 = zext i32 %291 to i64 %296 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %294, i64 %295 %297 = bitcast %struct.neighbour.653686** %296 to i64* %298 = load i64, i64* %297, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !23 %299 = bitcast %struct.neighbour.653686* %283 to i64* store volatile i64 %298, i64* %299, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !24 %300 = ptrtoint %struct.neighbour.653686* %283 to i64 %301 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %274, align 8 %302 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %301, i64 %295 %303 = bitcast %struct.neighbour.653686** %302 to i64* store volatile i64 %300, i64* %303, align 8 %304 = icmp eq %struct.neighbour.653686* %293, null br i1 %304, label %305, label %282 %306 = add i32 %276, 1 %307 = load i32, i32* %269, align 8 %308 = lshr i32 %306, %307 %309 = icmp eq i32 %308, 0 br i1 %309, label %275, label %310 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !25 %311 = ptrtoint %struct.neigh_hash_table.653682* %266 to i64 %312 = bitcast %struct.neigh_hash_table.653682** %252 to i64* store volatile i64 %311, i64* %312, align 8 %313 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %265, i64 0, i32 3 tail call void @call_rcu(%struct.callback_head* %313, void (%struct.callback_head*)* nonnull @neigh_hash_free_rcu) #69 br label %314 %315 = phi %struct.neigh_hash_table.653682* [ %253, %242 ], [ %266, %310 ], [ %265, %260 ] %316 = getelementptr inbounds %struct.neigh_table.653683, %struct.neigh_table.653683* %0, i64 0, i32 4 %317 = load i32 (i8*, %struct.net_device.653918*, i32*)*, i32 (i8*, %struct.net_device.653918*, i32*)** %316, align 8 %318 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 2, i64 0 %319 = tail call i32 %317(i8* %199, %struct.net_device.653918* %2, i32* %318) #69 %320 = load %struct.neigh_parms.653818*, %struct.neigh_parms.653818** %229, align 8 %321 = getelementptr inbounds %struct.neigh_parms.653818, %struct.neigh_parms.653818* %320, i64 0, i32 6 %322 = load i32, i32* %321, align 8 %323 = icmp eq i32 %322, 0 br i1 %323, label %324, label %397 %325 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 1 %326 = load i32, i32* %325, align 8 %327 = sub i32 32, %326 %328 = lshr i32 %319, %327 %329 = getelementptr inbounds %struct.neigh_hash_table.653682, %struct.neigh_hash_table.653682* %315, i64 0, i32 0 %330 = load %struct.neighbour.653686**, %struct.neighbour.653686*** %329, align 8 %331 = zext i32 %328 to i64 %332 = getelementptr %struct.neighbour.653686*, %struct.neighbour.653686** %330, i64 %331 %333 = load %struct.neighbour.653686*, %struct.neighbour.653686** %332, align 8 %334 = icmp eq %struct.neighbour.653686* %333, null br i1 %334, label %360, label %335 %336 = phi %struct.neighbour.653686* [ %358, %356 ], [ %333, %324 ] %337 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 25 %338 = load %struct.net_device.653918*, %struct.net_device.653918** %337, align 8 %339 = icmp eq %struct.net_device.653918* %338, %2 br i1 %339, label %340, label %356 %341 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %336, i64 0, i32 26, i64 0 %342 = tail call i32 @bcmp(i8* %341, i8* %199, i64 %200) ------------- Use: =BAD PATH= Call Stack: 0 __neigh_update 1 neigh_update 2 ndisc_update 3 rt6_do_redirect ------------- Path:  Function:rt6_do_redirect %4 = alloca %struct.netevent_redirect, align 8 %5 = alloca %struct.fib6_result.769189, align 8 %6 = alloca %struct.ndisc_options, align 8 %7 = alloca %struct.fib6_nh_match_arg, align 8 %8 = bitcast %struct.netevent_redirect* %4 to i8* %9 = bitcast %struct.fib6_result.769189* %5 to i8* %10 = bitcast %struct.ndisc_options* %6 to i8* %11 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 40 %12 = load i8*, i8** %11, align 8 %13 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 38 %14 = load i32, i32* %13, align 8 %15 = zext i32 %14 to i64 %16 = getelementptr i8, i8* %12, i64 %15 %17 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 34 %18 = load i16, i16* %17, align 2 %19 = zext i16 %18 to i64 %20 = getelementptr i8, i8* %12, i64 %19 %21 = ptrtoint i8* %16 to i64 %22 = ptrtoint i8* %20 to i64 %23 = sub i64 %21, %22 %24 = trunc i64 %23 to i32 %25 = add i32 %24, -40 %26 = icmp slt i32 %25, 0 br i1 %26, label %199, label %27 %28 = getelementptr inbounds i8, i8* %20, i64 24 %29 = bitcast i8* %28 to %struct.in6_addr* %30 = bitcast i8* %28 to i32* %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 255 %33 = icmp eq i32 %32, 255 br i1 %33, label %199, label %34 %35 = getelementptr inbounds i8, i8* %20, i64 8 %36 = bitcast i8* %28 to i64* %37 = bitcast i8* %35 to i64* %38 = load i64, i64* %36, align 8 %39 = load i64, i64* %37, align 8 %40 = getelementptr i8, i8* %28, i64 8 %41 = bitcast i8* %40 to i64* %42 = load i64, i64* %41, align 8 %43 = getelementptr i8, i8* %35, i64 8 %44 = bitcast i8* %43 to i64* %45 = load i64, i64* %44, align 8 %46 = icmp eq i64 %38, %39 %47 = icmp eq i64 %42, %45 %48 = and i1 %46, %47 br i1 %48, label %54, label %49 %55 = phi i1 [ true, %49 ], [ false, %34 ] %56 = getelementptr inbounds %struct.sk_buff.768802, %struct.sk_buff.768802* %2, i64 0, i32 0, i32 0, i32 2, i32 0 %57 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %58 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %57, i64 0, i32 68 %59 = bitcast %struct.inet6_dev.768708** %58 to i64* %60 = load volatile i64, i64* %59, align 8 %61 = inttoptr i64 %60 to %struct.inet6_dev.768708* %62 = icmp eq i64 %60, 0 br i1 %62, label %199, label %63 %64 = getelementptr inbounds %struct.inet6_dev.768708, %struct.inet6_dev.768708* %61, i64 0, i32 26, i32 0 %65 = load i32, i32* %64, align 8 %66 = icmp eq i32 %65, 0 br i1 %66, label %67, label %199 %68 = getelementptr inbounds %struct.inet6_dev.768708, %struct.inet6_dev.768708* %61, i64 0, i32 26, i32 4 %69 = load i32, i32* %68, align 8 %70 = icmp eq i32 %69, 0 br i1 %70, label %199, label %71 %72 = getelementptr inbounds i8, i8* %20, i64 40 %73 = call %struct.ndisc_options* bitcast (%struct.ndisc_options* (%struct.net_device.771438*, i8*, i32, %struct.ndisc_options*)* @ndisc_parse_options to %struct.ndisc_options* (%struct.net_device.768790*, i8*, i32, %struct.ndisc_options*)*)(%struct.net_device.768790* %57, i8* %72, i32 %25, %struct.ndisc_options* nonnull %6) #69 %74 = icmp eq %struct.ndisc_options* %73, null br i1 %74, label %199, label %75 %76 = getelementptr inbounds %struct.ndisc_options, %struct.ndisc_options* %6, i64 0, i32 0, i64 2 %77 = load %struct.nd_opt_hdr*, %struct.nd_opt_hdr** %76, align 8 %78 = icmp eq %struct.nd_opt_hdr* %77, null br i1 %78, label %101, label %79 %80 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %81 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %80, i64 0, i32 52 %82 = load i8, i8* %81, align 1 %83 = getelementptr inbounds %struct.net_device.768790, %struct.net_device.768790* %80, i64 0, i32 45 %84 = load i16, i16* %83, align 4 %85 = icmp eq i16 %84, 32 %86 = select i1 %85, i32 2, i32 0 %87 = getelementptr inbounds %struct.nd_opt_hdr, %struct.nd_opt_hdr* %77, i64 0, i32 1 %88 = load i8, i8* %87, align 1 %89 = zext i8 %88 to i32 %90 = shl nuw nsw i32 %89, 3 %91 = zext i8 %82 to i32 %92 = or i32 %86, 9 %93 = add nuw nsw i32 %92, %91 %94 = and i32 %93, 504 %95 = icmp ne i32 %90, %94 %96 = getelementptr %struct.nd_opt_hdr, %struct.nd_opt_hdr* %77, i64 1, i32 0 %97 = zext i32 %86 to i64 %98 = getelementptr i8, i8* %96, i64 %97 %99 = icmp eq i8* %98, null %100 = or i1 %99, %95 br i1 %100, label %199, label %101 %102 = phi i8* [ %98, %79 ], [ null, %75 ] %103 = bitcast %struct.dst_entry.768684* %0 to %struct.rt6_info.768697* %104 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 1, i32 14 %105 = bitcast %struct.lwtunnel_state.768659** %104 to i32* %106 = load i32, i32* %105, align 8 %107 = and i32 %106, 512 %108 = icmp eq i32 %107, 0 br i1 %108, label %109, label %199 %110 = getelementptr inbounds %struct.dst_entry.768684, %struct.dst_entry.768684* %0, i64 0, i32 1 %111 = load %struct.dst_ops.768662*, %struct.dst_ops.768662** %110, align 8 %112 = getelementptr inbounds %struct.dst_ops.768662, %struct.dst_ops.768662* %111, i64 0, i32 15 %113 = load void (%struct.dst_entry.768684*, i8*)*, void (%struct.dst_entry.768684*, i8*)** %112, align 16 %114 = icmp eq void (%struct.dst_entry.768684*, i8*)* %113, null br i1 %114, label %122, label %115 %123 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %124 = call %struct.neighbour.768606* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*)* @neigh_lookup to %struct.neighbour.768606* (%struct.neigh_table.768602*, i8*, %struct.net_device.768790*)*)(%struct.neigh_table.768602* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i8* %35, %struct.net_device.768790* %123) #69 %125 = icmp eq %struct.neighbour.768606* %124, null br i1 %125, label %126, label %131 %127 = call %struct.neighbour.768606* bitcast (%struct.neighbour.653686* (%struct.neigh_table.653683*, i8*, %struct.net_device.653918*, i1)* @__neigh_create to %struct.neighbour.768606* (%struct.neigh_table.768602*, i8*, %struct.net_device.768790*, i1)*)(%struct.neigh_table.768602* nonnull bitcast ({ i32, i32, i32, i16, i32 (i8*, %struct.net_device.771438*, i32*)*, i1 (%struct.neighbour.770963*, i8*)*, i32 (%struct.neighbour.770963*)*, i32 (%struct.pneigh_entry.770950*)*, void (%struct.pneigh_entry.770950*)*, void (%struct.sk_buff.771348*)*, i32 (i8*)*, i1 (%struct.net_device.771438*, %struct.netlink_ext_ack*)*, i8*, %struct.neigh_parms.770951, %struct.list_head, i32, i32, i32, i32, i64, %struct.delayed_work, %struct.timer_list, %struct.sk_buff_head.770954, %struct.kuid_t, %struct.kuid_t, %struct.list_head, %struct.rwlock_t, i64, %struct.neigh_statistics*, %struct.neigh_hash_table.770959*, %struct.pneigh_entry.770950** }* @nd_tbl to %struct.neigh_table.768602*), i8* %35, %struct.net_device.768790* %123, i1 zeroext true) #69 %128 = icmp ugt %struct.neighbour.768606* %127, inttoptr (i64 -4096 to %struct.neighbour.768606*) %129 = icmp eq %struct.neighbour.768606* %127, null %130 = or i1 %128, %129 br i1 %130, label %199, label %131 %132 = phi %struct.neighbour.768606* [ %124, %122 ], [ %127, %126 ] %133 = load %struct.net_device.768790*, %struct.net_device.768790** %56, align 8 %134 = select i1 %55, i32 1073741831, i32 3 call void bitcast (void (%struct.net_device.771438*, %struct.neighbour.770963*, i8*, i8, i32, i8, %struct.ndisc_options*)* @ndisc_update to void (%struct.net_device.768790*, %struct.neighbour.768606*, i8*, i8, i32, i8, %struct.ndisc_options*)*)(%struct.net_device.768790* %133, %struct.neighbour.768606* nonnull %132, i8* %102, i8 zeroext 4, i32 %134, i8 zeroext -119, %struct.ndisc_options* nonnull %6) #69 Function:ndisc_update %8 = tail call i32 bitcast (i32 (%struct.neighbour.653686*, i8*, i8, i32, i32)* @neigh_update to i32 (%struct.neighbour.770963*, i8*, i8, i32, i32)*)(%struct.neighbour.770963* %1, i8* %2, i8 zeroext %3, i32 %4, i32 0) #69 Function:neigh_update %6 = tail call fastcc i32 @__neigh_update(%struct.neighbour.653686* %0, i8* %1, i8 zeroext %2, i32 %3, i32 %4, %struct.netlink_ext_ack* null) #69 Function:__neigh_update callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_neigh_update to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@__neigh_update, %7)) #6 to label %29 [label %7], !srcloc !4 %30 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 5 tail call void @_raw_write_lock_bh(%struct.rwlock_t* %30) #69 %31 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 25 %32 = load %struct.net_device.653918*, %struct.net_device.653918** %31, align 8 %33 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 13 %34 = load i8, i8* %33, align 1 %35 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 15 %36 = load i8, i8* %35, align 1 %37 = icmp eq i8 %36, 0 br i1 %37, label %42, label %38 %43 = icmp sgt i32 %3, -1 %44 = xor i1 %43, true %45 = icmp ult i8 %34, 64 %46 = or i1 %45, %44 br i1 %46, label %47, label %411 br i1 %43, label %61, label %48 %62 = phi i32 [ 0, %47 ], [ 0, %48 ], [ 1, %56 ] %63 = phi i1 [ false, %47 ], [ false, %48 ], [ true, %56 ] %64 = and i32 %3, 268435456 %65 = icmp eq i32 %64, 0 br i1 %65, label %68, label %66 %69 = zext i8 %2 to i32 %70 = and i32 %69, 222 %71 = icmp eq i32 %70, 0 br i1 %71, label %72, label %110 %111 = getelementptr inbounds %struct.net_device.653918, %struct.net_device.653918* %32, i64 0, i32 52 %112 = load i8, i8* %111, align 1 %113 = icmp eq i8 %112, 0 br i1 %113, label %114, label %116 %117 = icmp eq i8* %1, null %118 = and i8 %34, -34 %119 = icmp eq i8 %118, 0 br i1 %117, label %127, label %120 br i1 %119, label %134, label %121 %122 = getelementptr inbounds %struct.neighbour.653686, %struct.neighbour.653686* %0, i64 0, i32 19, i64 0 %123 = zext i8 %112 to i64 %124 = tail call i32 @bcmp(i8* nonnull %1, i8* %122, i64 %123) ------------- Use: =BAD PATH= Call Stack: 0 __ip_options_echo 1 __icmp_send 2 ipv4_link_failure ------------- Path:  Function:ipv4_link_failure %2 = alloca %struct.ip_options, align 4 %3 = bitcast %struct.ip_options* %2 to i8* %4 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 40 %5 = load i8*, i8** %4, align 8 %6 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 35 %7 = load i16, i16* %6, align 4 %8 = zext i16 %7 to i64 %9 = getelementptr i8, i8* %5, i64 %8 %10 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 41 %11 = bitcast i8** %10 to i64* %12 = load i64, i64* %11, align 8 %13 = ptrtoint i8* %9 to i64 %14 = sub i64 %13, %12 %15 = trunc i64 %14 to i32 %16 = add i32 %15, 20 %17 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 6 %18 = load i32, i32* %17, align 8 %19 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 7 %20 = load i32, i32* %19, align 4 %21 = sub i32 %18, %20 %22 = icmp ugt i32 %16, %21 br i1 %22, label %23, label %33, !prof !4, !misexpect !5 %24 = icmp ult i32 %18, %16 br i1 %24, label %85, label %25, !prof !4, !misexpect !6 %26 = sub i32 %16, %21 %27 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %26) #69 %28 = icmp eq i8* %27, null br i1 %28, label %85, label %29 %30 = load i8*, i8** %4, align 8 %31 = load i16, i16* %6, align 4 %32 = zext i16 %31 to i64 br label %33 %34 = phi i64 [ %32, %29 ], [ %8, %1 ] %35 = phi i8* [ %30, %29 ], [ %5, %1 ] %36 = getelementptr i8, i8* %35, i64 %34 %37 = load i8, i8* %36, align 4 %38 = and i8 %37, -16 %39 = icmp ne i8 %38, 64 %40 = and i8 %37, 15 %41 = icmp ult i8 %40, 5 %42 = or i1 %39, %41 br i1 %42, label %85, label %43 %44 = load i8, i8* %36, align 4 %45 = and i8 %44, 14 %46 = icmp ugt i8 %45, 5 br i1 %46, label %47, label %84 %48 = shl i8 %44, 2 %49 = and i8 %48, 60 %50 = zext i8 %49 to i32 %51 = load i64, i64* %11, align 8 %52 = ptrtoint i8* %36 to i64 %53 = sub i64 %52, %51 %54 = trunc i64 %53 to i32 %55 = add i32 %54, %50 %56 = load i32, i32* %17, align 8 %57 = load i32, i32* %19, align 4 %58 = sub i32 %56, %57 %59 = icmp ugt i32 %55, %58 br i1 %59, label %60, label %74, !prof !4, !misexpect !5 %61 = icmp ult i32 %56, %55 br i1 %61, label %85, label %62, !prof !4, !misexpect !6 %63 = sub i32 %55, %58 %64 = tail call i8* bitcast (i8* (%struct.sk_buff.647384*, i32)* @__pskb_pull_tail to i8* (%struct.sk_buff.706937*, i32)*)(%struct.sk_buff.706937* %0, i32 %63) #69 %65 = icmp eq i8* %64, null br i1 %65, label %85, label %66 %67 = load i8*, i8** %4, align 8 %68 = load i16, i16* %6, align 4 %69 = zext i16 %68 to i64 %70 = getelementptr i8, i8* %67, i64 %69 %71 = load i8, i8* %70, align 4 %72 = shl i8 %71, 2 %73 = and i8 %72, 60 br label %74 %75 = phi i8 [ %73, %66 ], [ %49, %47 ] %76 = add nsw i8 %75, -20 %77 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %2, i64 0, i32 2 store i8 %76, i8* %77, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %79 = load %struct.net_device.707029*, %struct.net_device.707029** %78, align 8 %80 = getelementptr inbounds %struct.net_device.707029, %struct.net_device.707029* %79, i64 0, i32 107, i32 0 %81 = load %struct.net.706629*, %struct.net.706629** %80, align 8 %82 = call i32 @__ip_options_compile(%struct.net.706629* %81, %struct.ip_options* nonnull %2, %struct.sk_buff.706937* %0, i32* null) #69 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %83 = icmp eq i32 %82, 0 br i1 %83, label %84, label %85 call void bitcast (void (%struct.sk_buff.729278*, i32, i32, i32, %struct.ip_options*)* @__icmp_send to void (%struct.sk_buff.706937*, i32, i32, i32, %struct.ip_options*)*)(%struct.sk_buff.706937* %0, i32 3, i32 1, i32 0, %struct.ip_options* nonnull %2) #69 Function:__icmp_send %6 = alloca %struct.flowi4, align 8 %7 = alloca %struct.flowi4, align 8 %8 = alloca %struct.inetpeer_addr, align 4 %9 = alloca %struct.icmp_bxm, align 8 %10 = alloca %struct.rtable.729129*, align 8 %11 = alloca %struct.ipcm_cookie, align 8 %12 = alloca %struct.flowi4, align 8 %13 = alloca i8, align 1 %14 = bitcast %struct.icmp_bxm* %9 to i8* %15 = bitcast %struct.rtable.729129** %10 to i8* %16 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 4, i32 0, i32 0 %17 = load i64, i64* %16, align 8 %18 = and i64 %17, -2 %19 = inttoptr i64 %18 to %struct.rtable.729129* store %struct.rtable.729129* %19, %struct.rtable.729129** %10, align 8 %20 = bitcast %struct.ipcm_cookie* %11 to i8* %21 = bitcast %struct.flowi4* %12 to i8* %22 = icmp eq i64 %18, 0 br i1 %22, label %483, label %23 %24 = getelementptr inbounds %struct.rtable.729129, %struct.rtable.729129* %19, i64 0, i32 0, i32 0 %25 = load %struct.net_device.729265*, %struct.net_device.729265** %24, align 8 %26 = icmp eq %struct.net_device.729265* %25, null br i1 %26, label %27, label %31 %28 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %29 = load %struct.net_device.729265*, %struct.net_device.729265** %28, align 8 %30 = icmp eq %struct.net_device.729265* %29, null br i1 %30, label %483, label %31 %32 = phi %struct.net_device.729265* [ %25, %23 ], [ %29, %27 ] %33 = getelementptr inbounds %struct.net_device.729265, %struct.net_device.729265* %32, i64 0, i32 107, i32 0 %34 = load %struct.net.729175*, %struct.net.729175** %33, align 8 %35 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 40 %36 = load i8*, i8** %35, align 8 %37 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 35 %38 = load i16, i16* %37, align 4 %39 = zext i16 %38 to i64 %40 = getelementptr i8, i8* %36, i64 %39 %41 = icmp ult i8* %40, %36 br i1 %41, label %483, label %42 %43 = getelementptr i8, i8* %40, i64 20 %44 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 38 %45 = load i32, i32* %44, align 8 %46 = zext i32 %45 to i64 %47 = getelementptr i8, i8* %36, i64 %46 %48 = icmp ugt i8* %43, %47 br i1 %48, label %483, label %49 %50 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 16 %51 = load i16, i16* %50, align 8 %52 = and i16 %51, 7 %53 = icmp eq i16 %52, 0 br i1 %53, label %54, label %483 %55 = getelementptr inbounds %struct.rtable.729129, %struct.rtable.729129* %19, i64 0, i32 2 %56 = load i32, i32* %55, align 4 %57 = and i32 %56, 805306368 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %483 %60 = getelementptr inbounds i8, i8* %40, i64 6 %61 = bitcast i8* %60 to i16* %62 = load i16, i16* %61, align 2 %63 = and i16 %62, -225 %64 = icmp eq i16 %63, 0 br i1 %64, label %65, label %483 %66 = zext i32 %1 to i64 %67 = lshr i64 516353, %66 %68 = and i64 %67, 1 %69 = icmp eq i64 %68, 0 br i1 %69, label %70, label %115 %71 = getelementptr inbounds i8, i8* %40, i64 9 %72 = load i8, i8* %71, align 1 %73 = icmp eq i8 %72, 1 br i1 %73, label %74, label %115 %75 = load i8, i8* %40, align 4 %76 = shl i8 %75, 2 %77 = and i8 %76, 60 %78 = zext i8 %77 to i64 %79 = getelementptr i8, i8* %40, i64 %78 %80 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 41 %81 = bitcast i8** %80 to i64* %82 = load i64, i64* %81, align 8 %83 = ptrtoint i8* %79 to i64 %84 = sub i64 %83, %82 %85 = trunc i64 %84 to i32 %86 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 6 %87 = load i32, i32* %86, align 8 %88 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 7 %89 = load i32, i32* %88, align 4 %90 = sub i32 %87, %89 %91 = sub i32 %90, %85 %92 = icmp sgt i32 %91, 0 br i1 %92, label %98, label %93 %94 = icmp eq %struct.sk_buff.729278* %0, null br i1 %94, label %113, label %95 %96 = call i32 bitcast (i32 (%struct.sk_buff.647384*, i32, i8*, i32)* @skb_copy_bits to i32 (%struct.sk_buff.729278*, i32, i8*, i32)*)(%struct.sk_buff.729278* nonnull %0, i32 %85, i8* nonnull %13, i32 1) #69 %97 = icmp slt i32 %96, 0 br i1 %97, label %113, label %104 %105 = phi i8* [ %102, %98 ], [ %13, %95 ] %106 = load i8, i8* %105, align 1 %107 = icmp ugt i8 %106, 18 br i1 %107, label %113, label %108 %109 = zext i8 %106 to i64 %110 = lshr i64 516353, %109 %111 = and i64 %110, 1 %112 = icmp eq i64 %111, 0 br i1 %112, label %113, label %114 br label %115 call void asm "addl $1, %gs:$0", "=*m,ri,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count, i32 512, i32* nonnull @__preempt_count) #6, !srcloc !4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %116 = getelementptr inbounds %struct.sk_buff.729278, %struct.sk_buff.729278* %0, i64 0, i32 0, i32 0, i32 2, i32 0 %117 = load %struct.net_device.729265*, %struct.net_device.729265** %116, align 8 %118 = icmp eq %struct.net_device.729265* %117, null br i1 %118, label %126, label %119 %120 = getelementptr inbounds %struct.net_device.729265, %struct.net_device.729265* %117, i64 0, i32 34 %121 = load i32, i32* %120, align 8 %122 = and i32 %121, 8 %123 = icmp ne i32 %122, 0 %124 = icmp sgt i32 %1, 18 %125 = or i1 %124, %123 br i1 %125, label %177, label %128 %129 = icmp eq i32 %1, 3 %130 = icmp eq i32 %2, 4 %131 = and i1 %129, %130 br i1 %131, label %177, label %132 %133 = shl nuw nsw i32 1, %1 %134 = getelementptr inbounds %struct.net.729175, %struct.net.729175* %34, i64 0, i32 34, i32 33 %135 = load volatile i32, i32* %134, align 4 %136 = and i32 %135, %133 %137 = icmp eq i32 %136, 0 br i1 %137, label %177, label %138 %139 = load volatile i64, i64* @jiffies, align 64 %140 = trunc i64 %139 to i32 %141 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %142 = icmp eq i32 %141, 0 br i1 %142, label %143, label %147 %144 = load volatile i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %145 = sub i32 %140, %144 %146 = icmp ult i32 %145, 20 br i1 %146, label %482, label %147 call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 0, i32 0, i32 0)) #69 %148 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 %149 = sub i32 %140, %148 %150 = icmp ult i32 %149, 1000 %151 = select i1 %150, i32 %149, i32 1000 %152 = icmp ugt i32 %151, 19 br i1 %152, label %153, label %159 %154 = load volatile i32, i32* @sysctl_icmp_msgs_per_sec, align 4 %155 = mul i32 %154, %151 %156 = icmp ult i32 %155, 1000 br i1 %156, label %159, label %157 %158 = udiv i32 %155, 1000 store volatile i32 %140, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 2), align 4 br label %159 %160 = phi i32 [ %158, %157 ], [ 0, %153 ], [ 0, %147 ] %161 = load i32, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 %162 = add i32 %161, %160 %163 = load volatile i32, i32* @sysctl_icmp_msgs_burst, align 4 %164 = icmp ult i32 %162, %163 %165 = select i1 %164, i32 %162, i32 %163 %166 = icmp eq i32 %165, 0 br i1 %166, label %176, label %167 %168 = call i32 @prandom_u32() #69 %169 = zext i32 %168 to i64 %170 = mul nuw nsw i64 %169, 3 %171 = lshr i64 %170, 32 %172 = trunc i64 %171 to i32 %173 = sub i32 %165, %172 %174 = icmp sgt i32 %173, 0 %175 = select i1 %174, i32 %173, i32 0 store volatile i32 %175, i32* getelementptr inbounds (%struct.intel_pipe_crc, %struct.intel_pipe_crc* @icmp_global, i64 0, i32 1), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.intel_pipe_crc* @icmp_global to i8*), align 4 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 br label %177 %178 = getelementptr inbounds %struct.net.729175, %struct.net.729175* %34, i64 0, i32 34, i32 18 %179 = load %struct.sock.729070**, %struct.sock.729070*** %178, align 32 %180 = call %struct.sock.729070* asm sideeffect "movq %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(%struct.sock.729070** %179) #6, !srcloc !8 %181 = getelementptr inbounds %struct.sock.729070, %struct.sock.729070* %180, i64 0, i32 1, i32 0, i32 0, i32 0 %182 = call i32 @_raw_spin_trylock(%struct.raw_spinlock* %181) #69 %183 = icmp eq i32 %182, 0 %184 = icmp eq %struct.sock.729070* %180, null %185 = or i1 %184, %183 br i1 %185, label %482, label %186 %187 = getelementptr inbounds i8, i8* %40, i64 16 %188 = bitcast i8* %187 to i32* %189 = load i32, i32* %188, align 4 %190 = load %struct.rtable.729129*, %struct.rtable.729129** %10, align 8 %191 = getelementptr inbounds %struct.rtable.729129, %struct.rtable.729129* %190, i64 0, i32 2 %192 = load i32, i32* %191, align 4 %193 = icmp sgt i32 %192, -1 br i1 %193, label %194, label %223 %224 = phi i32 [ %189, %186 ], [ %222, %221 ] %225 = getelementptr inbounds i8, i8* %40, i64 1 %226 = load i8, i8* %225, align 1 %227 = and i8 %226, 30 %228 = or i8 %227, -64 %229 = select i1 %69, i8 %228, i8 %226 %230 = getelementptr inbounds %struct.net.729175, %struct.net.729175* %34, i64 0, i32 34, i32 47 %231 = load volatile i32, i32* %230, align 4 %232 = icmp eq i32 %231, 0 br i1 %232, label %236, label %233 %237 = phi i32 [ %235, %233 ], [ 0, %223 ] %238 = getelementptr inbounds %struct.icmp_bxm, %struct.icmp_bxm* %9, i64 0, i32 5, i32 0, i32 1 %239 = call i32 bitcast (i32 (%struct.net.706629*, %struct.ip_options*, %struct.sk_buff.706937*, %struct.ip_options*)* @__ip_options_echo to i32 (%struct.net.729175*, %struct.ip_options*, %struct.sk_buff.729278*, %struct.ip_options*)*)(%struct.net.729175* %34, %struct.ip_options* %238, %struct.sk_buff.729278* %0, %struct.ip_options* %4) #69 Function:__ip_options_echo %5 = bitcast %struct.ip_options* %1 to i8* %6 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 2 %7 = load i8, i8* %6, align 4 %8 = icmp eq i8 %7, 0 br i1 %8, label %251, label %9 %10 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 40 %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.sk_buff.706937, %struct.sk_buff.706937* %2, i64 0, i32 35 %13 = load i16, i16* %12, align 4 %14 = zext i16 %13 to i64 %15 = getelementptr i8, i8* %11, i64 %14 %16 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %1, i64 0, i32 10, i64 0 %17 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 4 %18 = load i8, i8* %17, align 2 %19 = icmp eq i8 %18, 0 br i1 %19, label %54, label %20 %55 = phi i8 [ %53, %51 ], [ 20, %9 ] %56 = phi i8* [ %52, %51 ], [ %16, %9 ] %57 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 5 %58 = load i8, i8* %57, align 1 %59 = icmp eq i8 %58, 0 br i1 %59, label %135, label %60 %136 = phi i8* [ %132, %131 ], [ %56, %54 ] %137 = getelementptr inbounds %struct.ip_options, %struct.ip_options* %3, i64 0, i32 3 %138 = load i8, i8* %137, align 1 %139 = icmp eq i8 %138, 0 br i1 %139, label %214, label %140 %141 = zext i8 %138 to i64 %142 = getelementptr i8, i8* %15, i64 %141 %143 = getelementptr i8, i8* %142, i64 1 %144 = load i8, i8* %143, align 1 %145 = getelementptr i8, i8* %142, i64 2 %146 = load i8, i8* %145, align 1 %147 = zext i8 %146 to i32 %148 = icmp ugt i8 %146, %144 %149 = zext i8 %144 to i32 %150 = add nuw nsw i32 %149, 1 %151 = select i1 %148, i32 %150, i32 %147 %152 = icmp ugt i32 %151, 7 br i1 %152, label %153, label %214 %154 = add nsw i32 %151, -5 %155 = zext i32 %154 to i64 %156 = getelementptr i8, i8* %142, i64 %155 %157 = bitcast i8* %156 to i32* %158 = load i32, i32* %157, align 1 %159 = add nsw i32 %151, -8 %160 = icmp ugt i32 %151, 11 br i1 %160, label %161, label %177 %162 = phi i64 [ %173, %161 ], [ 4, %153 ] %163 = phi i32 [ %172, %161 ], [ %159, %153 ] %164 = add nsw i64 %162, -1 %165 = getelementptr i8, i8* %136, i64 %164 %166 = add nsw i32 %163, -1 %167 = zext i32 %166 to i64 %168 = getelementptr i8, i8* %142, i64 %167 %169 = bitcast i8* %168 to i32* %170 = bitcast i8* %165 to i32* %171 = load i32, i32* %169, align 1 store i32 %171, i32* %170, align 1 %172 = add nsw i32 %163, -4 %173 = add nuw nsw i64 %162, 4 %174 = icmp sgt i32 %163, 7 br i1 %174, label %161, label %175 %176 = trunc i64 %173 to i32 br label %177 %178 = phi i32 [ %159, %153 ], [ %172, %175 ] %179 = phi i32 [ 4, %153 ], [ %176, %175 ] %180 = load i8*, i8** %10, align 8 %181 = load i16, i16* %12, align 4 %182 = zext i16 %181 to i64 %183 = getelementptr i8, i8* %180, i64 %182 %184 = getelementptr inbounds i8, i8* %183, i64 12 %185 = add nsw i32 %178, 3 %186 = zext i32 %185 to i64 %187 = getelementptr i8, i8* %142, i64 %186 %188 = tail call i32 @bcmp(i8* dereferenceable(4) %184, i8* dereferenceable(4) %187, i64 4) ------------- Good: 1181 Bad: 85 Ignored: 1615 Check Use of Function:free_cgroup_ns Use: =BAD PATH= Call Stack: 0 cgroupns_put ------------- Path:  Function:cgroupns_put %2 = getelementptr %struct.ns_common.88354, %struct.ns_common.88354* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.cgroup_namespace.88577* %4 = icmp eq i32* %2, null br i1 %4, label %15, label %5 %6 = bitcast i32* %2 to %union.anon.21* %7 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %2, i32 -1, i32* nonnull %2) #6, !srcloc !4 %8 = icmp eq i32 %7, 1 br i1 %8, label %14, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 tail call void @free_cgroup_ns(%struct.cgroup_namespace.88577* nonnull %3) #69 ------------- Good: 8 Bad: 1 Ignored: 2 Check Use of Function:__lookup_slow Check Use of Function:strim Use: =BAD PATH= Call Stack: 0 tracing_clock_write ------------- Path:  Function:tracing_clock_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.96453** %8 = load %struct.seq_file.96453*, %struct.seq_file.96453** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.96453, %struct.seq_file.96453* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %27, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %27 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call i8* @strim(i8* nonnull %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 trace_set_options 1 tracing_trace_options_write ------------- Path:  Function:tracing_trace_options_write %5 = alloca [64 x i8], align 16 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.seq_file.96453** %8 = load %struct.seq_file.96453*, %struct.seq_file.96453** %7, align 8 %9 = getelementptr inbounds %struct.seq_file.96453, %struct.seq_file.96453* %8, i64 0, i32 12 %10 = bitcast i8** %9 to %struct.trace_array** %11 = load %struct.trace_array*, %struct.trace_array** %10, align 8 %12 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %13 = icmp ugt i64 %2, 63 br i1 %13, label %26, label %14 %15 = call i64 @_copy_from_user(i8* nonnull %12, i8* %1, i64 %2) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %26 %18 = getelementptr [64 x i8], [64 x i8]* %5, i64 0, i64 %2 store i8 0, i8* %18, align 1 %19 = call fastcc i32 @trace_set_options(%struct.trace_array* %11, i8* nonnull %12) #70 Function:trace_set_options %3 = tail call i64 @strlen(i8* %1) #69 %4 = tail call i8* @strim(i8* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca %struct.mmu_gather.161658, align 8 %7 = alloca i32, align 4 %8 = alloca %struct.mmu_notifier_range.161659, align 8 %9 = alloca %struct.kuid_t, align 4 %10 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %11 = bitcast %struct.mmu_gather.161658* %6 to i8* %12 = bitcast i32* %7 to i8* %13 = icmp ult i64 %2, 12 %14 = select i1 %13, i64 %2, i64 12 %15 = call i64 @_copy_from_user(i8* nonnull %10, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %122 %18 = call i8* @strim(i8* nonnull %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 oom_score_adj_write ------------- Path:  Function:oom_score_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %27 %14 = call i8* @strim(i8* nonnull %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 oom_adj_write ------------- Path:  Function:oom_adj_write %5 = alloca [13 x i8], align 1 %6 = alloca i32, align 4 %7 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %8 = bitcast i32* %6 to i8* %9 = icmp ult i64 %2, 12 %10 = select i1 %9, i64 %2, i64 12 %11 = call i64 @_copy_from_user(i8* nonnull %7, i8* %1, i64 %10) #69 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %35 %14 = call i8* @strim(i8* nonnull %7) #69 ------------- Good: 14 Bad: 5 Ignored: 18 Check Use of Function:nfs4_lookup_revalidate Check Use of Function:put_ipc_ns Use: =BAD PATH= Call Stack: 0 sysvipc_proc_release ------------- Path:  Function:sysvipc_proc_release %3 = getelementptr inbounds %struct.file.243130, %struct.file.243130* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file.242906** %5 = load %struct.seq_file.242906*, %struct.seq_file.242906** %4, align 8 %6 = getelementptr inbounds %struct.seq_file.242906, %struct.seq_file.242906* %5, i64 0, i32 12 %7 = bitcast i8** %6 to %struct.ipc_proc_iter** %8 = load %struct.ipc_proc_iter*, %struct.ipc_proc_iter** %7, align 8 %9 = getelementptr inbounds %struct.ipc_proc_iter, %struct.ipc_proc_iter* %8, i64 0, i32 0 %10 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %9, align 8 tail call void bitcast (void (%struct.ipc_namespace.245956*)* @put_ipc_ns to void (%struct.ipc_namespace.243034*)*)(%struct.ipc_namespace.243034* %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 shm_release ------------- Path:  Function:shm_release %3 = getelementptr inbounds %struct.file.244679, %struct.file.244679* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.shm_file_data** %5 = load %struct.shm_file_data*, %struct.shm_file_data** %4, align 8 %6 = getelementptr inbounds %struct.shm_file_data, %struct.shm_file_data* %5, i64 0, i32 1 %7 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %6, align 8 tail call void bitcast (void (%struct.ipc_namespace.245956*)* @put_ipc_ns to void (%struct.ipc_namespace.244524*)*)(%struct.ipc_namespace.244524* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 mqueue_create_attr 1 mqueue_create ------------- Path:  Function:mqueue_create %5 = tail call i32 @mqueue_create_attr(%struct.dentry.245620* %1, i16 zeroext %2, i8* null) #69 Function:mqueue_create_attr %4 = getelementptr inbounds %struct.dentry.245620, %struct.dentry.245620* %0, i64 0, i32 3 %5 = load %struct.dentry.245620*, %struct.dentry.245620** %4, align 8 %6 = getelementptr inbounds %struct.dentry.245620, %struct.dentry.245620* %5, i64 0, i32 5 %7 = load %struct.inode.245632*, %struct.inode.245632** %6, align 8 %8 = bitcast i8* %2 to %struct.mq_attr* tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @mq_lock, i64 0, i32 0, i32 0)) #69 %9 = getelementptr inbounds %struct.inode.245632, %struct.inode.245632* %7, i64 0, i32 8 %10 = load %struct.super_block.245615*, %struct.super_block.245615** %9, align 8 %11 = getelementptr inbounds %struct.super_block.245615, %struct.super_block.245615* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.ipc_namespace.245673** %13 = load %struct.ipc_namespace.245673*, %struct.ipc_namespace.245673** %12, align 32 %14 = icmp eq %struct.ipc_namespace.245673* %13, null br i1 %14, label %65, label %15 %66 = phi i32 [ %44, %42 ], [ -28, %32 ], [ -13, %3 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 store volatile i8 0, i8* bitcast (%struct.spinlock* @mq_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 br i1 %14, label %68, label %67 tail call void bitcast (void (%struct.ipc_namespace.245956*)* @put_ipc_ns to void (%struct.ipc_namespace.245673*)*)(%struct.ipc_namespace.245673* nonnull %13) #69 ------------- Use: =BAD PATH= Call Stack: 0 ipcns_put ------------- Path:  Function:ipcns_put %2 = getelementptr %struct.ns_common.245752, %struct.ns_common.245752* %0, i64 -34, i32 2 %3 = bitcast i32* %2 to %struct.ipc_namespace.245956* tail call void @put_ipc_ns(%struct.ipc_namespace.245956* %3) #69 ------------- Good: 10 Bad: 4 Ignored: 3 Check Use of Function:rtnl_register Check Use of Function:nfs_file_write Check Use of Function:kernfs_vfs_xattr_get Check Use of Function:propagate_mount_busy Check Use of Function:bad_inode_rmdir Check Use of Function:umount_tree Check Use of Function:put_fs_context Use: =BAD PATH= Call Stack: 0 fscontext_release ------------- Path:  Function:fscontext_release %3 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.fs_context.138693** %5 = load %struct.fs_context.138693*, %struct.fs_context.138693** %4, align 8 %6 = icmp eq %struct.fs_context.138693* %5, null br i1 %6, label %8, label %7 store i8* null, i8** %3, align 8 tail call void bitcast (void (%struct.fs_context.143997*)* @put_fs_context to void (%struct.fs_context.138693*)*)(%struct.fs_context.138693* nonnull %5) #69 ------------- Good: 16 Bad: 1 Ignored: 2 Check Use of Function:__ipv6_dev_ac_inc Check Use of Function:pci_user_read_config_dword Check Use of Function:_isofs_bmap Check Use of Function:fib_table_insert Check Use of Function:parse_monolithic_mount_data Check Use of Function:setup_swap_info Check Use of Function:netdev_update_lockdep_key Check Use of Function:lock_device_hotplug Check Use of Function:cdrom_count_tracks Check Use of Function:ksys_fchmod Check Use of Function:dir_add Check Use of Function:mntput_no_expire Check Use of Function:uart_change_speed Check Use of Function:__audit_inode Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __ia32_sys_mq_timedreceive_time32 ------------- Path:  Function:__ia32_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to i8* %24 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __x64_sys_mq_timedreceive_time32 ------------- Path:  Function:__x64_sys_mq_timedreceive_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %35 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %35, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %35 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = and i64 %9, 4294967295 %33 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %32, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __ia32_sys_mq_timedreceive ------------- Path:  Function:__ia32_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = trunc i64 %4 to i32 %18 = inttoptr i64 %7 to i8* %19 = inttoptr i64 %13 to i32* %20 = bitcast %struct.anon.54* %2 to i8* %21 = icmp eq i64 %16, 0 br i1 %21, label %34, label %22 %23 = inttoptr i64 %16 to %struct.anon.54* %24 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %38 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %28 = load i64, i64* %27, align 8 %29 = icmp slt i64 %28, 0 br i1 %29, label %38, label %30 %31 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %32 = load i64, i64* %31, align 8 %33 = icmp ult i64 %32, 1000000000 br i1 %33, label %34, label %38 %35 = phi %struct.anon.54* [ null, %1 ], [ %2, %30 ] %36 = call fastcc i32 @do_mq_timedreceive(i32 %17, i8* %18, i64 %10, i32* %19, %struct.anon.54* %35) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedreceive 2 __x64_sys_mq_timedreceive ------------- Path:  Function:__x64_sys_mq_timedreceive %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i32** %12 = load i32*, i32** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %4 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %14, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %14 to %struct.anon.54* %20 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedreceive(i32 %15, i8* %7, i64 %9, i32* %12, %struct.anon.54* %31) #69 Function:do_mq_timedreceive %6 = alloca %struct.ext_wait_queue, align 8 %7 = alloca i64, align 8 %8 = alloca %struct.wake_q_head, align 8 %9 = bitcast %struct.ext_wait_queue* %6 to i8* %10 = bitcast i64* %7 to i8* %11 = icmp eq %struct.anon.54* %4, null br i1 %11, label %21, label %12 %22 = phi i64* [ %7, %12 ], [ null, %5 ] %23 = tail call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !5 %24 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %23, i64 0, i32 97 %25 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %26 = icmp eq %struct.audit_context* %25, null br i1 %26, label %32, label %27 %33 = tail call i64 @__fdget(i32 %0) #69 %34 = and i64 %33, -4 %35 = inttoptr i64 %34 to %struct.file.245414* %36 = icmp eq i64 %34, 0 br i1 %36, label %179, label %37, !prof !4, !misexpect !6 %38 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 2 %39 = load %struct.inode.245632*, %struct.inode.245632** %38, align 8 %40 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %35, i64 0, i32 3 %41 = load %struct.file_operations.245405*, %struct.file_operations.245405** %40, align 8 %42 = icmp eq %struct.file_operations.245405* %41, @mqueue_file_operations br i1 %42, label %43, label %174, !prof !7, !misexpect !6 %44 = getelementptr %struct.inode.245632, %struct.inode.245632* %39, i64 -1, i32 47 %45 = bitcast i8** %44 to %struct.mqueue_inode_info* %46 = load %struct.audit_context*, %struct.audit_context** %24, align 8 %47 = icmp eq %struct.audit_context* %46, null br i1 %47, label %53, label %48 %49 = bitcast %struct.audit_context* %46 to i32* %50 = load i32, i32* %49, align 4 %51 = icmp eq i32 %50, 0 br i1 %51, label %52, label %53, !prof !4, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %35) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fremovexattr 2 __ia32_sys_fremovexattr ------------- Path:  Function:__ia32_sys_fremovexattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_fremovexattr(i64 %4, i64 %7) #69 Function:__se_sys_fremovexattr %3 = alloca [256 x i8], align 16 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* %6 = tail call i64 @__fdget(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.112786* %9 = icmp eq i64 %7, 0 br i1 %9, label %46, label %10 %11 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %11, i64 0, i32 97 %13 = load %struct.audit_context*, %struct.audit_context** %12, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %20, label %15 %16 = bitcast %struct.audit_context* %13 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %8) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fremovexattr 2 __x64_sys_fremovexattr ------------- Path:  Function:__x64_sys_fremovexattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_fremovexattr(i64 %3, i64 %5) #69 Function:__se_sys_fremovexattr %3 = alloca [256 x i8], align 16 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to i8* %6 = tail call i64 @__fdget(i32 %4) #69 %7 = and i64 %6, -4 %8 = inttoptr i64 %7 to %struct.file.112786* %9 = icmp eq i64 %7, 0 br i1 %9, label %46, label %10 %11 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %11, i64 0, i32 97 %13 = load %struct.audit_context*, %struct.audit_context** %12, align 8 %14 = icmp eq %struct.audit_context* %13, null br i1 %14, label %20, label %15 %16 = bitcast %struct.audit_context* %13 to i32* %17 = load i32, i32* %16, align 4 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %20, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %8) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_flistxattr ------------- Path:  Function:__x64_sys_flistxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = tail call i64 @__fdget(i32 %9) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.112786* %13 = icmp eq i64 %11, 0 br i1 %13, label %31, label %14 %15 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %15, i64 0, i32 97 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 8 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 %20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_fgetxattr ------------- Path:  Function:__ia32_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %6 to i8* %15 = inttoptr i64 %9 to i8* %16 = tail call i64 @__fdget(i32 %13) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.112786* %19 = icmp eq i64 %17, 0 br i1 %19, label %37, label %20 %21 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %22 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %21, i64 0, i32 97 %23 = load %struct.audit_context*, %struct.audit_context** %22, align 8 %24 = icmp eq %struct.audit_context* %23, null br i1 %24, label %30, label %25 %26 = bitcast %struct.audit_context* %23 to i32* %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, 0 br i1 %28, label %29, label %30, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %18) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_fgetxattr ------------- Path:  Function:__x64_sys_fgetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call i64 @__fdget(i32 %12) #69 %14 = and i64 %13, -4 %15 = inttoptr i64 %14 to %struct.file.112786* %16 = icmp eq i64 %14, 0 br i1 %16, label %34, label %17 %18 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %19 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %18, i64 0, i32 97 %20 = load %struct.audit_context*, %struct.audit_context** %19, align 8 %21 = icmp eq %struct.audit_context* %20, null br i1 %21, label %27, label %22 %23 = bitcast %struct.audit_context* %20 to i32* %24 = load i32, i32* %23, align 4 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %27, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %15) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fsetxattr 2 __ia32_sys_fsetxattr ------------- Path:  Function:__ia32_sys_fsetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsetxattr(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsetxattr %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget(i32 %6) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.112786* %13 = icmp eq i64 %11, 0 br i1 %13, label %39, label %14 %15 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %15, i64 0, i32 97 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 8 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 %20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __se_sys_fsetxattr 2 __x64_sys_fsetxattr ------------- Path:  Function:__x64_sys_fsetxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsetxattr(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsetxattr %6 = trunc i64 %0 to i32 %7 = inttoptr i64 %1 to i8* %8 = inttoptr i64 %2 to i8* %9 = trunc i64 %4 to i32 %10 = tail call i64 @__fdget(i32 %6) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.112786* %13 = icmp eq i64 %11, 0 br i1 %13, label %39, label %14 %15 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %16 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %15, i64 0, i32 97 %17 = load %struct.audit_context*, %struct.audit_context** %16, align 8 %18 = icmp eq %struct.audit_context* %17, null br i1 %18, label %24, label %19 %20 = bitcast %struct.audit_context* %17 to i32* %21 = load i32, i32* %20, align 4 %22 = icmp eq i32 %21, 0 br i1 %22, label %23, label %24, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %12) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_flistxattr ------------- Path:  Function:__ia32_sys_flistxattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i8* %12 = tail call i64 @__fdget(i32 %10) #69 %13 = and i64 %12, -4 %14 = inttoptr i64 %13 to %struct.file.112786* %15 = icmp eq i64 %13, 0 br i1 %15, label %33, label %16 %17 = tail call %struct.task_struct.112690* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.112690** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.112690**)) #10, !srcloc !4 %18 = getelementptr inbounds %struct.task_struct.112690, %struct.task_struct.112690* %17, i64 0, i32 97 %19 = load %struct.audit_context*, %struct.audit_context** %18, align 8 %20 = icmp eq %struct.audit_context* %19, null br i1 %20, label %26, label %21 %22 = bitcast %struct.audit_context* %19 to i32* %23 = load i32, i32* %22, align 4 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %26, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.112786*)*)(%struct.file.112786* nonnull %14) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __ia32_sys_fchmod ------------- Path:  Function:__ia32_sys_fchmod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i16 %8 = tail call i64 @__fdget(i32 %6) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.43183* %11 = icmp eq i64 %9, 0 br i1 %11, label %28, label %12 %13 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %18 = bitcast %struct.audit_context* %15 to i32* %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.43183*)*)(%struct.file.43183* nonnull %10) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 __x64_sys_fchmod ------------- Path:  Function:__x64_sys_fchmod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i16 %8 = tail call i64 @__fdget(i32 %6) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.43183* %11 = icmp eq i64 %9, 0 br i1 %11, label %28, label %12 %13 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %13, i64 0, i32 97 %15 = load %struct.audit_context*, %struct.audit_context** %14, align 8 %16 = icmp eq %struct.audit_context* %15, null br i1 %16, label %22, label %17 %18 = bitcast %struct.audit_context* %15 to i32* %19 = load i32, i32* %18, align 4 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %22, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.43183*)*)(%struct.file.43183* nonnull %10) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __ia32_sys_mq_timedsend_time32 ------------- Path:  Function:__ia32_sys_mq_timedsend_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %4 to i32 %17 = inttoptr i64 %7 to i8* %18 = trunc i64 %12 to i32 %19 = bitcast %struct.anon.54* %2 to i8* %20 = icmp eq i64 %15, 0 br i1 %20, label %33, label %21 %22 = inttoptr i64 %15 to i8* %23 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %22) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %37 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp slt i64 %27, 0 br i1 %28, label %37, label %29 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %31 = load i64, i64* %30, align 8 %32 = icmp ult i64 %31, 1000000000 br i1 %32, label %33, label %37 %34 = phi %struct.anon.54* [ null, %1 ], [ %2, %29 ] %35 = call fastcc i32 @do_mq_timedsend(i32 %16, i8* %17, i64 %10, i32 %18, %struct.anon.54* %34) #69 Function:do_mq_timedsend %6 = alloca %struct.kernel_siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.54* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %30, i64 0, i32 97 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 2 %46 = load %struct.inode.245632*, %struct.inode.245632** %45, align 8 %47 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 3 %48 = load %struct.file_operations.245405*, %struct.file_operations.245405** %47, align 8 %49 = icmp eq %struct.file_operations.245405* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.245632, %struct.inode.245632* %46, i64 -1, i32 47 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __x64_sys_mq_timedsend_time32 ------------- Path:  Function:__x64_sys_mq_timedsend_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %11 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %13, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %13 to i8* %20 = call i32 @get_old_timespec32(%struct.anon.54* nonnull %2, i8* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %35 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %35, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %35 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = and i64 %9, 4294967295 %33 = call fastcc i32 @do_mq_timedsend(i32 %14, i8* %7, i64 %32, i32 %15, %struct.anon.54* %31) #69 Function:do_mq_timedsend %6 = alloca %struct.kernel_siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.54* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %30, i64 0, i32 97 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 2 %46 = load %struct.inode.245632*, %struct.inode.245632** %45, align 8 %47 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 3 %48 = load %struct.file_operations.245405*, %struct.file_operations.245405** %47, align 8 %49 = icmp eq %struct.file_operations.245405* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.245632, %struct.inode.245632* %46, i64 -1, i32 47 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __ia32_sys_mq_timedsend ------------- Path:  Function:__ia32_sys_mq_timedsend %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = trunc i64 %4 to i32 %17 = inttoptr i64 %7 to i8* %18 = trunc i64 %12 to i32 %19 = bitcast %struct.anon.54* %2 to i8* %20 = icmp eq i64 %15, 0 br i1 %20, label %33, label %21 %22 = inttoptr i64 %15 to %struct.anon.54* %23 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %22) #69 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %37 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %27 = load i64, i64* %26, align 8 %28 = icmp slt i64 %27, 0 br i1 %28, label %37, label %29 %30 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %31 = load i64, i64* %30, align 8 %32 = icmp ult i64 %31, 1000000000 br i1 %32, label %33, label %37 %34 = phi %struct.anon.54* [ null, %1 ], [ %2, %29 ] %35 = call fastcc i32 @do_mq_timedsend(i32 %16, i8* %17, i64 %10, i32 %18, %struct.anon.54* %34) #69 Function:do_mq_timedsend %6 = alloca %struct.kernel_siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.54* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %30, i64 0, i32 97 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 2 %46 = load %struct.inode.245632*, %struct.inode.245632** %45, align 8 %47 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 3 %48 = load %struct.file_operations.245405*, %struct.file_operations.245405** %47, align 8 %49 = icmp eq %struct.file_operations.245405* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.245632, %struct.inode.245632* %46, i64 -1, i32 47 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __audit_file 1 do_mq_timedsend 2 __x64_sys_mq_timedsend ------------- Path:  Function:__x64_sys_mq_timedsend %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %4 to i32 %15 = trunc i64 %11 to i32 %16 = bitcast %struct.anon.54* %2 to i8* %17 = icmp eq i64 %13, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %13 to %struct.anon.54* %20 = call i32 @get_timespec64(%struct.anon.54* nonnull %2, %struct.anon.54* nonnull %19) #69 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %34 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = icmp slt i64 %24, 0 br i1 %25, label %34, label %26 %27 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %2, i64 0, i32 1 %28 = load i64, i64* %27, align 8 %29 = icmp ult i64 %28, 1000000000 br i1 %29, label %30, label %34 %31 = phi %struct.anon.54* [ null, %1 ], [ %2, %26 ] %32 = call fastcc i32 @do_mq_timedsend(i32 %14, i8* %7, i64 %9, i32 %15, %struct.anon.54* %31) #69 Function:do_mq_timedsend %6 = alloca %struct.kernel_siginfo, align 8 %7 = alloca %struct.ext_wait_queue, align 8 %8 = alloca i64, align 8 %9 = alloca %struct.wake_q_head, align 8 %10 = bitcast %struct.ext_wait_queue* %7 to i8* %11 = bitcast i64* %8 to i8* %12 = bitcast %struct.wake_q_head* %9 to i8* %13 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %13, align 8 %14 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %9, i64 0, i32 1 store %struct.wake_q_node** %13, %struct.wake_q_node*** %14, align 8 %15 = zext i32 %3 to i64 %16 = icmp ugt i32 %3, 32767 br i1 %16, label %251, label %17, !prof !4, !misexpect !5 %18 = icmp eq %struct.anon.54* %4, null br i1 %18, label %28, label %19 %29 = phi i64* [ %8, %19 ], [ null, %17 ] %30 = call %struct.task_struct.245736* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.245736** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.245736**)) #10, !srcloc !6 %31 = getelementptr inbounds %struct.task_struct.245736, %struct.task_struct.245736* %30, i64 0, i32 97 %32 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %33 = icmp eq %struct.audit_context* %32, null br i1 %33, label %39, label %34 %40 = call i64 @__fdget(i32 %0) #69 %41 = and i64 %40, -4 %42 = inttoptr i64 %41 to %struct.file.245414* %43 = icmp eq i64 %41, 0 br i1 %43, label %251, label %44, !prof !4, !misexpect !5 %45 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 2 %46 = load %struct.inode.245632*, %struct.inode.245632** %45, align 8 %47 = getelementptr inbounds %struct.file.245414, %struct.file.245414* %42, i64 0, i32 3 %48 = load %struct.file_operations.245405*, %struct.file_operations.245405** %47, align 8 %49 = icmp eq %struct.file_operations.245405* %48, @mqueue_file_operations br i1 %49, label %50, label %246, !prof !7, !misexpect !5 %51 = getelementptr %struct.inode.245632, %struct.inode.245632* %46, i64 -1, i32 47 %52 = bitcast i8** %51 to %struct.mqueue_inode_info* %53 = load %struct.audit_context*, %struct.audit_context** %31, align 8 %54 = icmp eq %struct.audit_context* %53, null br i1 %54, label %60, label %55 %56 = bitcast %struct.audit_context* %53 to i32* %57 = load i32, i32* %56, align 4 %58 = icmp eq i32 %57, 0 br i1 %58, label %59, label %60, !prof !4, !misexpect !5 call void bitcast (void (%struct.file.92168*)* @__audit_file to void (%struct.file.245414*)*)(%struct.file.245414* nonnull %42) #69 Function:__audit_file %2 = getelementptr inbounds %struct.file.92168, %struct.file.92168* %0, i64 0, i32 1, i32 1 %3 = load %struct.dentry.92330*, %struct.dentry.92330** %2, align 8 tail call void @__audit_inode(%struct.filename* null, %struct.dentry.92330* %3, i32 0) #69 ------------- Good: 17 Bad: 18 Ignored: 15 Check Use of Function:drm_gem_open Check Use of Function:random_read_iter Check Use of Function:translate_table Check Use of Function:ip_tunnel_update Check Use of Function:create_new_namespaces Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __ia32_sys_setns ------------- Path:  Function:__ia32_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setns(i64 %4, i64 %7) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !4 %6 = tail call %struct.file.49837* bitcast (%struct.file.143576* (i32)* @proc_ns_fget to %struct.file.49837* (i32)*)(i32 %3) #69 %7 = icmp ugt %struct.file.49837* %6, inttoptr (i64 -4096 to %struct.file.49837*) br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.file.49837, %struct.file.49837* %6, i64 0, i32 2 %12 = load %struct.inode.49994*, %struct.inode.49994** %11, align 8 %13 = getelementptr inbounds %struct.inode.49994, %struct.inode.49994* %12, i64 0, i32 47 %14 = bitcast i8** %13 to %struct.ns_common.49831** %15 = load %struct.ns_common.49831*, %struct.ns_common.49831** %14, align 8 %16 = icmp eq i32 %4, 0 br i1 %16, label %23, label %17 %18 = getelementptr inbounds %struct.ns_common.49831, %struct.ns_common.49831* %15, i64 0, i32 1 %19 = load %struct.proc_ns_operations.49830*, %struct.proc_ns_operations.49830** %18, align 8 %20 = getelementptr inbounds %struct.proc_ns_operations.49830, %struct.proc_ns_operations.49830* %19, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %4 br i1 %22, label %23, label %54 %24 = getelementptr inbounds %struct.task_struct.50083, %struct.task_struct.50083* %5, i64 0, i32 84 %25 = load %struct.fs_struct*, %struct.fs_struct** %24, align 64 %26 = tail call fastcc %struct.nsproxy.49829* @create_new_namespaces(i64 0, %struct.task_struct.50083* %5, %struct.user_namespace.49832* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.kuid_t, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [9 x i32] }* @init_user_ns to %struct.user_namespace.49832*), %struct.fs_struct* %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setns 1 __x64_sys_setns ------------- Path:  Function:__x64_sys_setns %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setns(i64 %3, i64 %5) #69 Function:__se_sys_setns %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !4 %6 = tail call %struct.file.49837* bitcast (%struct.file.143576* (i32)* @proc_ns_fget to %struct.file.49837* (i32)*)(i32 %3) #69 %7 = icmp ugt %struct.file.49837* %6, inttoptr (i64 -4096 to %struct.file.49837*) br i1 %7, label %8, label %10 %11 = getelementptr inbounds %struct.file.49837, %struct.file.49837* %6, i64 0, i32 2 %12 = load %struct.inode.49994*, %struct.inode.49994** %11, align 8 %13 = getelementptr inbounds %struct.inode.49994, %struct.inode.49994* %12, i64 0, i32 47 %14 = bitcast i8** %13 to %struct.ns_common.49831** %15 = load %struct.ns_common.49831*, %struct.ns_common.49831** %14, align 8 %16 = icmp eq i32 %4, 0 br i1 %16, label %23, label %17 %18 = getelementptr inbounds %struct.ns_common.49831, %struct.ns_common.49831* %15, i64 0, i32 1 %19 = load %struct.proc_ns_operations.49830*, %struct.proc_ns_operations.49830** %18, align 8 %20 = getelementptr inbounds %struct.proc_ns_operations.49830, %struct.proc_ns_operations.49830* %19, i64 0, i32 2 %21 = load i32, i32* %20, align 8 %22 = icmp eq i32 %21, %4 br i1 %22, label %23, label %54 %24 = getelementptr inbounds %struct.task_struct.50083, %struct.task_struct.50083* %5, i64 0, i32 84 %25 = load %struct.fs_struct*, %struct.fs_struct** %24, align 64 %26 = tail call fastcc %struct.nsproxy.49829* @create_new_namespaces(i64 0, %struct.task_struct.50083* %5, %struct.user_namespace.49832* nonnull bitcast ({ { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, { i32, [4 x i8], { [5 x %struct.kernel_symbol], [4 x i8] } }, %struct.kuid_t, %struct.user_namespace*, i32, %struct.kuid_t, %struct.kuid_t, %struct.ns_common, i64, %struct.list_head, %struct.key*, %struct.rw_semaphore, %struct.work_struct, %struct.ctl_table_set, %struct.ctl_table_header*, %struct.ucounts*, [9 x i32] }* @init_user_ns to %struct.user_namespace.49832*), %struct.fs_struct* %25) #69 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:step_into Check Use of Function:set_fs_root Check Use of Function:__audit_inode_child Check Use of Function:ip_tunnel_bind_dev Check Use of Function:dm_pr_release Check Use of Function:__detach_mounts Check Use of Function:ipcperms Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 compat_ksys_shmctl 2 __ia32_compat_sys_old_shmctl ------------- Path:  Function:__ia32_compat_sys_old_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = and i32 %10, 256 %13 = and i32 %10, -257 %14 = tail call i64 @compat_ksys_shmctl(i32 %9, i32 %13, i8* %11, i32 %12) #69 Function:compat_ksys_shmctl %5 = alloca %struct.compat_shmid64_ds, align 4 %6 = alloca %struct.compat_shmid_ds, align 4 %7 = alloca %struct.mmap_arg_struct32, align 4 %8 = alloca %struct.ethtool_ringparam, align 4 %9 = alloca %struct.gnet_stats_queue, align 4 %10 = alloca %struct.shmid64_ds, align 8 %11 = alloca %struct.shm_info, align 8 %12 = bitcast %struct.shmid64_ds* %10 to i8* %13 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %16, align 8 %18 = or i32 %1, %0 %19 = icmp sgt i32 %18, -1 br i1 %19, label %20, label %231 switch i32 %1, label %231 [ i32 3, label %21 i32 14, label %88 i32 2, label %124 i32 15, label %124 i32 13, label %124 i32 1, label %213 i32 0, label %225 i32 11, label %228 i32 12, label %228 ] %125 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.244524* %17, i32 %0, i32 %1, %struct.shmid64_ds* nonnull %10) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 compat_ksys_shmctl 2 compat_ksys_old_shmctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %106 = zext i32 %4 to i64 %107 = inttoptr i64 %106 to i8* %108 = tail call i64 @compat_ksys_old_shmctl(i32 %1, i32 %2, i8* %107) #69 Function:compat_ksys_old_shmctl %4 = and i32 %1, 256 %5 = and i32 %1, -257 %6 = tail call i64 @compat_ksys_shmctl(i32 %0, i32 %5, i8* %2, i32 %4) #69 Function:compat_ksys_shmctl %5 = alloca %struct.compat_shmid64_ds, align 4 %6 = alloca %struct.compat_shmid_ds, align 4 %7 = alloca %struct.mmap_arg_struct32, align 4 %8 = alloca %struct.ethtool_ringparam, align 4 %9 = alloca %struct.gnet_stats_queue, align 4 %10 = alloca %struct.shmid64_ds, align 8 %11 = alloca %struct.shm_info, align 8 %12 = bitcast %struct.shmid64_ds* %10 to i8* %13 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %16, align 8 %18 = or i32 %1, %0 %19 = icmp sgt i32 %18, -1 br i1 %19, label %20, label %231 switch i32 %1, label %231 [ i32 3, label %21 i32 14, label %88 i32 2, label %124 i32 15, label %124 i32 13, label %124 i32 1, label %213 i32 0, label %225 i32 11, label %228 i32 12, label %228 ] %125 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.244524* %17, i32 %0, i32 %1, %struct.shmid64_ds* nonnull %10) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 compat_ksys_shmctl 2 __ia32_compat_sys_shmctl ------------- Path:  Function:__ia32_compat_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call i64 @compat_ksys_shmctl(i32 %9, i32 %10, i8* %11, i32 256) #69 Function:compat_ksys_shmctl %5 = alloca %struct.compat_shmid64_ds, align 4 %6 = alloca %struct.compat_shmid_ds, align 4 %7 = alloca %struct.mmap_arg_struct32, align 4 %8 = alloca %struct.ethtool_ringparam, align 4 %9 = alloca %struct.gnet_stats_queue, align 4 %10 = alloca %struct.shmid64_ds, align 8 %11 = alloca %struct.shm_info, align 8 %12 = bitcast %struct.shmid64_ds* %10 to i8* %13 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %16, align 8 %18 = or i32 %1, %0 %19 = icmp sgt i32 %18, -1 br i1 %19, label %20, label %231 switch i32 %1, label %231 [ i32 3, label %21 i32 14, label %88 i32 2, label %124 i32 15, label %124 i32 13, label %124 i32 1, label %213 i32 0, label %225 i32 11, label %228 i32 12, label %228 ] %125 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.244524* %17, i32 %0, i32 %1, %struct.shmid64_ds* nonnull %10) #70 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 __se_sys_shmctl 2 __ia32_sys_shmctl ------------- Path:  Function:__ia32_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_shmctl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_shmctl %4 = alloca %struct.shmid64_ds, align 8 %5 = alloca %struct.mem_dqblk, align 8 %6 = alloca %struct.shm_info, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = bitcast %struct.shmid64_ds* %4 to i8* %10 = or i64 %1, %0 %11 = trunc i64 %10 to i32 %12 = icmp sgt i32 %11, -1 br i1 %12, label %13, label %99 %14 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %14, i64 0, i32 86 %16 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %15, align 16 %17 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %17, align 8 switch i32 %8, label %99 [ i32 3, label %19 i32 14, label %66 i32 13, label %78 i32 15, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %93 i32 11, label %96 i32 12, label %96 ] %79 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.244524* %18, i32 %7, i32 %8, %struct.shmid64_ds* nonnull %4) #69 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 shmctl_stat 1 __se_sys_shmctl 2 __x64_sys_shmctl ------------- Path:  Function:__x64_sys_shmctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_shmctl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_shmctl %4 = alloca %struct.shmid64_ds, align 8 %5 = alloca %struct.mem_dqblk, align 8 %6 = alloca %struct.shm_info, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = bitcast %struct.shmid64_ds* %4 to i8* %10 = or i64 %1, %0 %11 = trunc i64 %10 to i32 %12 = icmp sgt i32 %11, -1 br i1 %12, label %13, label %99 %14 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %15 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %14, i64 0, i32 86 %16 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %15, align 16 %17 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %16, i64 0, i32 2 %18 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %17, align 8 switch i32 %8, label %99 [ i32 3, label %19 i32 14, label %66 i32 13, label %78 i32 15, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %93 i32 11, label %96 i32 12, label %96 ] %79 = call fastcc i32 @shmctl_stat(%struct.ipc_namespace.244524* %18, i32 %7, i32 %8, %struct.shmid64_ds* nonnull %4) #69 Function:shmctl_stat %5 = bitcast %struct.shmid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 15 %7 = and i32 %2, -3 %8 = icmp eq i32 %7, 13 %9 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %0, i64 0, i32 1, i64 2 br i1 %8, label %10, label %16 %17 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %9, i32 %1) #69 %18 = icmp ugt %struct.kern_ipc_perm* %17, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %18, label %19, label %22 %23 = phi %struct.kern_ipc_perm* [ %11, %10 ], [ %17, %16 ] br i1 %6, label %24, label %34 %35 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %0, %struct.kern_ipc_perm* %23, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %80 = bitcast i64* %8 to i8* %81 = icmp eq i32 %9, 1 br i1 %81, label %94, label %82 %83 = zext i32 %4 to i64 %84 = inttoptr i64 %83 to i8* %85 = call i64 @do_shmat(i32 %1, i8* %84, i32 %2, i64* nonnull %8, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %207, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %45, i64 0, i32 86 %47 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %46, align 16 %48 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __ia32_compat_sys_shmat ------------- Path:  Function:__ia32_compat_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast i64* %2 to i8* %13 = inttoptr i64 %7 to i8* %14 = call i64 @do_shmat(i32 %10, i8* %13, i32 %11, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %207, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %45, i64 0, i32 86 %47 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %46, align 16 %48 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __ia32_sys_shmat ------------- Path:  Function:__ia32_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = inttoptr i64 %7 to i8* %12 = trunc i64 %9 to i32 %13 = bitcast i64* %2 to i8* %14 = call i64 @do_shmat(i32 %10, i8* %11, i32 %12, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %207, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %45, i64 0, i32 86 %47 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %46, align 16 %48 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_shmat 1 __x64_sys_shmat ------------- Path:  Function:__x64_sys_shmat %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast i64* %2 to i8* %13 = call i64 @do_shmat(i32 %10, i8* %7, i32 %11, i64* nonnull %2, i64 4096) #69 Function:do_shmat %6 = alloca i64, align 8 %7 = ptrtoint i8* %1 to i64 %8 = bitcast i64* %6 to i8* store i64 0, i64* %6, align 8 %9 = icmp slt i32 %0, 0 br i1 %9, label %207, label %10 %11 = icmp eq i8* %1, null br i1 %11, label %29, label %12 %13 = add i64 %4, -1 %14 = and i64 %13, %7 %15 = icmp eq i64 %14, 0 br i1 %15, label %32, label %16 %33 = phi i64 [ 0, %29 ], [ %21, %19 ], [ 0, %23 ], [ %7, %26 ], [ %7, %12 ] %34 = phi i64 [ 1, %29 ], [ 17, %19 ], [ 17, %23 ], [ 17, %26 ], [ 17, %12 ] %35 = and i32 %2, 4096 %36 = icmp eq i32 %35, 0 %37 = select i1 %36, i64 3, i64 1 %38 = select i1 %36, i32 438, i32 292 %39 = lshr exact i32 %35, 11 %40 = xor i32 %39, 2 %41 = trunc i32 %2 to i16 %42 = icmp sgt i16 %41, -1 %43 = or i64 %37, 4 %44 = select i1 %42, i64 %37, i64 %43 %45 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %46 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %45, i64 0, i32 86 %47 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %46, align 16 %48 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %47, i64 0, i32 2 %49 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %48, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %50 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %49, i64 0, i32 1, i64 2 %51 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %50, i32 %0) #69 %52 = icmp ugt %struct.kern_ipc_perm* %51, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %52, label %53, label %56 %57 = or i32 %38, 73 %58 = select i1 %42, i32 %38, i32 %57 %59 = trunc i32 %58 to i16 %60 = tail call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.kern_ipc_perm*, i16)* @ipcperms to i32 (%struct.ipc_namespace.244524*, %struct.kern_ipc_perm*, i16)*)(%struct.ipc_namespace.244524* %49, %struct.kern_ipc_perm* %51, i16 signext %59) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop_time32 ------------- Path:  Function:__ia32_sys_semtimedop_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop_time32 ------------- Path:  Function:__x64_sys_semtimedop_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 compat_ksys_ipc 3 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %17 = zext i32 %4 to i64 %18 = inttoptr i64 %17 to %struct.orc_entry* %19 = zext i32 %5 to i64 %20 = inttoptr i64 %19 to %struct.util_est* %21 = tail call i64 @compat_ksys_semtimedop(i32 %1, %struct.orc_entry* %18, i32 %2, %struct.util_est* %20) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.54, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.54* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %372 = phi %struct.sem_undo* [ %165, %164 ], [ %155, %154 ], [ %322, %370 ] %373 = icmp ugt %struct.sem_undo* %372, inttoptr (i64 -4096 to %struct.sem_undo*) br i1 %373, label %374, label %382 %383 = phi i32 [ %72, %371 ], [ %379, %378 ] %384 = phi i8 [ %86, %371 ], [ %380, %378 ] %385 = phi i8 [ %80, %371 ], [ %381, %378 ] %386 = phi %struct.sem_undo* [ %372, %371 ], [ null, %378 ] %387 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %388 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %387, i32 %0) #69 %389 = bitcast %struct.kern_ipc_perm* %388 to %struct.sem_array* %390 = bitcast %struct.kern_ipc_perm* %388 to i8* %391 = icmp ugt %struct.kern_ipc_perm* %388, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %391, label %392, label %395 %396 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %388, i64 1, i32 11 %397 = bitcast %struct.rhash_head* %396 to i32* %398 = load i32, i32* %397, align 8 %399 = icmp slt i32 %383, %398 br i1 %399, label %401, label %400 %402 = and i8 %384, 1 %403 = icmp eq i8 %402, 0 %404 = select i1 %403, i16 292, i16 146 %405 = call i32 @ipcperms(%struct.ipc_namespace.243034* %15, %struct.kern_ipc_perm* %388, i16 signext %404) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_old_semctl ------------- Path:  Function:__ia32_compat_sys_old_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = and i32 %12, 256 %15 = and i32 %12, -257 %16 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %15, i32 %13, i32 %14) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 compat_ksys_old_semctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %27 = icmp eq i32 %4, 0 br i1 %27, label %110, label %28 %30 = zext i32 %4 to i64 %31 = inttoptr i64 %30 to i32* %32 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %31, i64 4, i64 %29) #6, !srcloc !4 %33 = extractvalue { i32*, i64, i64 } %32, 0 %34 = extractvalue { i32*, i64, i64 } %32, 2 %35 = ptrtoint i32* %33 to i64 %36 = and i64 %35, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %110, !prof !5, !misexpect !6 %39 = extractvalue { i32*, i64, i64 } %32, 1 %40 = trunc i64 %39 to i32 %41 = tail call i64 @compat_ksys_old_semctl(i32 %1, i32 %2, i32 %3, i32 %40) #69 Function:compat_ksys_old_semctl %5 = and i32 %2, 256 %6 = and i32 %2, -257 %7 = tail call fastcc i64 @compat_ksys_semctl(i32 %0, i32 %1, i32 %6, i32 %3, i32 %5) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13, i32 256) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %24 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %16, i32 %0, i32 %2, %struct.semid64_ds* nonnull %8) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 __se_sys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_semctl(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %22 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %8, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_stat 1 __se_sys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_semctl(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %22 = call fastcc i32 @semctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %8, %struct.semid64_ds* nonnull %5) #69 Function:semctl_stat %5 = bitcast %struct.semid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 20 switch i32 %2, label %14 [ i32 20, label %7 i32 18, label %7 ] %15 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] %23 = bitcast %struct.kern_ipc_perm* %22 to %struct.sem_array* br i1 %6, label %24, label %34 %35 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 compat_ksys_semctl 2 __ia32_compat_sys_old_semctl ------------- Path:  Function:__ia32_compat_sys_old_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = and i32 %12, 256 %15 = and i32 %12, -257 %16 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %15, i32 %13, i32 %14) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %77 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %2, i8* %10) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 compat_ksys_semctl 2 compat_ksys_old_semctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %27 = icmp eq i32 %4, 0 br i1 %27, label %110, label %28 %30 = zext i32 %4 to i64 %31 = inttoptr i64 %30 to i32* %32 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %31, i64 4, i64 %29) #6, !srcloc !4 %33 = extractvalue { i32*, i64, i64 } %32, 0 %34 = extractvalue { i32*, i64, i64 } %32, 2 %35 = ptrtoint i32* %33 to i64 %36 = and i64 %35, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %110, !prof !5, !misexpect !6 %39 = extractvalue { i32*, i64, i64 } %32, 1 %40 = trunc i64 %39 to i32 %41 = tail call i64 @compat_ksys_old_semctl(i32 %1, i32 %2, i32 %3, i32 %40) #69 Function:compat_ksys_old_semctl %5 = and i32 %2, 256 %6 = and i32 %2, -257 %7 = tail call fastcc i64 @compat_ksys_semctl(i32 %0, i32 %1, i32 %6, i32 %3, i32 %5) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %77 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %2, i8* %10) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13, i32 256) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %77 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %2, i8* %10) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 __se_sys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_semctl(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %32 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, i32 %8, i8* %9) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_main 1 __se_sys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_semctl(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %32 = tail call fastcc i32 @semctl_main(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, i32 %8, i8* %9) #69 Function:semctl_main %6 = alloca [256 x i16], align 16 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [256 x i16]* %6 to i8* %9 = getelementptr inbounds [256 x i16], [256 x i16]* %6, i64 0, i64 0 %10 = bitcast %struct.wake_q_head* %7 to i8* %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %11, align 8 %12 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %11, %struct.wake_q_node*** %12, align 8 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %14 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %13, i32 %1) #69 %15 = bitcast %struct.kern_ipc_perm* %14 to %struct.sem_array* %16 = bitcast %struct.kern_ipc_perm* %14 to i8* %17 = icmp ugt %struct.kern_ipc_perm* %14, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %14, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp eq i32 %3, 17 %26 = select i1 %25, i16 146, i16 292 %27 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %14, i16 signext %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 compat_ksys_semctl 2 __ia32_compat_sys_old_semctl ------------- Path:  Function:__ia32_compat_sys_old_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = and i32 %12, 256 %15 = and i32 %12, -257 %16 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %15, i32 %13, i32 %14) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %80 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %3) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %210, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 compat_ksys_semctl 2 compat_ksys_old_semctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %27 = icmp eq i32 %4, 0 br i1 %27, label %110, label %28 %30 = zext i32 %4 to i64 %31 = inttoptr i64 %30 to i32* %32 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* nonnull %31, i64 4, i64 %29) #6, !srcloc !4 %33 = extractvalue { i32*, i64, i64 } %32, 0 %34 = extractvalue { i32*, i64, i64 } %32, 2 %35 = ptrtoint i32* %33 to i64 %36 = and i64 %35, 4294967295 %37 = icmp eq i64 %36, 0 br i1 %37, label %38, label %110, !prof !5, !misexpect !6 %39 = extractvalue { i32*, i64, i64 } %32, 1 %40 = trunc i64 %39 to i32 %41 = tail call i64 @compat_ksys_old_semctl(i32 %1, i32 %2, i32 %3, i32 %40) #69 Function:compat_ksys_old_semctl %5 = and i32 %2, 256 %6 = and i32 %2, -257 %7 = tail call fastcc i64 @compat_ksys_semctl(i32 %0, i32 %1, i32 %6, i32 %3, i32 %5) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %80 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %3) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %210, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 compat_ksys_semctl 2 __ia32_compat_sys_semctl ------------- Path:  Function:__ia32_compat_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %3 to i32 %11 = trunc i64 %5 to i32 %12 = trunc i64 %7 to i32 %13 = trunc i64 %9 to i32 %14 = tail call fastcc i64 @compat_ksys_semctl(i32 %10, i32 %11, i32 %12, i32 %13, i32 256) #69 Function:compat_ksys_semctl %6 = alloca %struct.compat_semid64_ds, align 4 %7 = alloca %struct.compat_semid_ds, align 4 %8 = alloca %struct.semid64_ds, align 8 %9 = zext i32 %3 to i64 %10 = inttoptr i64 %9 to i8* %11 = bitcast %struct.semid64_ds* %8 to i8* %12 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 br i1 %17, label %97, label %18 %19 = and i32 %2, -257 switch i32 %19, label %97 [ i32 3, label %20 i32 19, label %20 i32 2, label %23 i32 18, label %23 i32 20, label %23 i32 12, label %76 i32 11, label %76 i32 14, label %76 i32 15, label %76 i32 13, label %76 i32 17, label %76 i32 16, label %79 i32 1, label %82 i32 0, label %94 ] %80 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace.243034* %16, i32 %0, i32 %1, i32 %3) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %210, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 __se_sys_semctl 2 __ia32_sys_semctl ------------- Path:  Function:__ia32_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_semctl(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %35 = trunc i64 %3 to i32 %36 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, i32 %35) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %210, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 semctl_setval 1 __se_sys_semctl 2 __x64_sys_semctl ------------- Path:  Function:__x64_sys_semctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_semctl(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_semctl %5 = alloca %struct.semid64_ds, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = trunc i64 %2 to i32 %9 = inttoptr i64 %3 to i8* %10 = bitcast %struct.semid64_ds* %5 to i8* %11 = icmp slt i32 %6, 0 br i1 %11, label %44, label %12 %13 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %8, label %44 [ i32 3, label %18 i32 19, label %18 i32 2, label %21 i32 18, label %21 i32 20, label %21 i32 13, label %31 i32 12, label %31 i32 11, label %31 i32 14, label %31 i32 15, label %31 i32 17, label %31 i32 16, label %34 i32 1, label %38 i32 0, label %41 ] %35 = trunc i64 %3 to i32 %36 = tail call fastcc i32 @semctl_setval(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, i32 %35) #69 Function:semctl_setval %5 = alloca %struct.wake_q_head, align 8 %6 = bitcast %struct.wake_q_head* %5 to i8* %7 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %7, align 8 %8 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %5, i64 0, i32 1 store %struct.wake_q_node** %7, %struct.wake_q_node*** %8, align 8 %9 = icmp ugt i32 %3, 32767 br i1 %9, label %210, label %10 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %11 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 0 %12 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %11, i32 %1) #69 %13 = bitcast %struct.kern_ipc_perm* %12 to %struct.sem_array* %14 = bitcast %struct.kern_ipc_perm* %12 to i8* %15 = icmp ugt %struct.kern_ipc_perm* %12, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %15, label %16, label %19 %20 = icmp slt i32 %2, 0 br i1 %20, label %26, label %21 %22 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %12, i64 1, i32 11 %23 = bitcast %struct.rhash_head* %22 to i32* %24 = load i32, i32* %23, align 8 %25 = icmp sgt i32 %24, %2 br i1 %25, label %27, label %26 %28 = call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %12, i16 signext 146) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __ia32_compat_sys_msgrcv ------------- Path:  Function:__ia32_compat_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %12 to i32 %15 = inttoptr i64 %6 to i8* %16 = shl i64 %8, 32 %17 = ashr exact i64 %16, 32 %18 = shl i64 %10, 32 %19 = ashr exact i64 %18, 32 %20 = tail call fastcc i64 @do_msgrcv(i32 %13, i8* %15, i64 %17, i64 %19, i32 %14, i64 (i8*, %struct.msg_msg*, i64)* nonnull @compat_do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %12, i64 0, i32 86 %14 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %270, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace.243034* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 compat_ksys_msgrcv 2 compat_ksys_ipc 3 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %47 = zext i32 %4 to i64 %48 = inttoptr i64 %47 to i8* %49 = or i32 %2, %1 %50 = icmp sgt i32 %49, -1 br i1 %50, label %51, label %110 %52 = icmp eq i32 %9, 0 br i1 %52, label %53, label %68 %69 = tail call i64 @compat_ksys_msgrcv(i32 %1, i32 %4, i32 %2, i32 %5, i32 %3) #69 Function:compat_ksys_msgrcv %6 = zext i32 %1 to i64 %7 = inttoptr i64 %6 to i8* %8 = sext i32 %2 to i64 %9 = sext i32 %3 to i64 %10 = tail call fastcc i64 @do_msgrcv(i32 %0, i8* %7, i64 %8, i64 %9, i32 %4, i64 (i8*, %struct.msg_msg*, i64)* nonnull @compat_do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %12, i64 0, i32 86 %14 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %270, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace.243034* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __ia32_sys_msgrcv ------------- Path:  Function:__ia32_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = trunc i64 %14 to i32 %17 = inttoptr i64 %6 to i8* %18 = tail call fastcc i64 @do_msgrcv(i32 %15, i8* %17, i64 %9, i64 %12, i32 %16, i64 (i8*, %struct.msg_msg*, i64)* nonnull @do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %12, i64 0, i32 86 %14 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %270, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace.243034* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_msgrcv 1 __x64_sys_msgrcv ------------- Path:  Function:__x64_sys_msgrcv %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %12 = load i64, i64* %11, align 8 %13 = trunc i64 %3 to i32 %14 = trunc i64 %12 to i32 %15 = tail call fastcc i64 @do_msgrcv(i32 %13, i8* %6, i64 %8, i64 %10, i32 %14, i64 (i8*, %struct.msg_msg*, i64)* nonnull @do_msg_fill) #69 Function:do_msgrcv %7 = alloca %struct.wake_q_head, align 8 %8 = alloca %struct.msg_receiver, align 8 %9 = bitcast %struct.wake_q_head* %7 to i8* %10 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 0 store %struct.wake_q_node* inttoptr (i64 1 to %struct.wake_q_node*), %struct.wake_q_node** %10, align 8 %11 = getelementptr inbounds %struct.wake_q_head, %struct.wake_q_head* %7, i64 0, i32 1 store %struct.wake_q_node** %10, %struct.wake_q_node*** %11, align 8 %12 = call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %12, i64 0, i32 86 %14 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %15, align 8 %17 = icmp slt i32 %0, 0 %18 = icmp slt i64 %2, 0 %19 = or i1 %17, %18 br i1 %19, label %270, label %20 %21 = and i32 %4, 16384 %22 = icmp eq i32 %21, 0 br i1 %22, label %27, label %23 %28 = icmp eq i64 %3, 0 br i1 %28, label %39, label %29 %40 = phi i64 [ 0, %27 ], [ %34, %31 ], [ %3, %35 ] %41 = phi i32 [ 1, %27 ], [ 4, %31 ], [ %38, %35 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %42 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %16, i64 0, i32 1, i64 1 %43 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %42, i32 %0) #69 %44 = icmp ugt %struct.kern_ipc_perm* %43, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %44, label %78, label %45 %46 = bitcast %struct.msg_receiver* %8 to i8* %47 = call i32 @ipcperms(%struct.ipc_namespace.243034* %16, %struct.kern_ipc_perm* %43, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_old_msgctl ------------- Path:  Function:__ia32_compat_sys_old_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = and i32 %10, 256 %13 = and i32 %10, -257 %14 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %13, i8* %11, i32 %12) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 compat_ksys_old_msgctl 3 compat_ksys_ipc 4 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %75 = zext i32 %4 to i64 %76 = inttoptr i64 %75 to i8* %77 = tail call i64 @compat_ksys_old_msgctl(i32 %1, i32 %2, i8* %76) #69 Function:compat_ksys_old_msgctl %4 = and i32 %1, 256 %5 = and i32 %1, -257 %6 = tail call fastcc i64 @compat_ksys_msgctl(i32 %0, i32 %5, i8* %2, i32 %4) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 compat_ksys_msgctl 2 __ia32_compat_sys_msgctl ------------- Path:  Function:__ia32_compat_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = inttoptr i64 %8 to i8* %12 = tail call fastcc i64 @compat_ksys_msgctl(i32 %9, i32 %10, i8* %11, i32 256) #69 Function:compat_ksys_msgctl %5 = alloca %struct.compat_msqid64_ds, align 4 %6 = alloca %struct.compat_msqid_ds, align 4 %7 = alloca %struct.msqid64_ds, align 8 %8 = alloca %struct.msginfo, align 4 %9 = bitcast %struct.msqid64_ds* %7 to i8* %10 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %11 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %10, i64 0, i32 86 %12 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %11, align 16 %13 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %12, i64 0, i32 2 %14 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %13, align 8 %15 = or i32 %1, %0 %16 = icmp sgt i32 %15, -1 br i1 %16, label %17, label %217 %18 = and i32 %1, -257 switch i32 %18, label %217 [ i32 3, label %19 i32 12, label %19 i32 2, label %78 i32 11, label %78 i32 13, label %78 i32 1, label %172 i32 0, label %214 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %14, i32 %0, i32 %1, %struct.msqid64_ds* nonnull %7) #70 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 __se_sys_msgctl 2 __ia32_sys_msgctl ------------- Path:  Function:__ia32_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_msgctl(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Use: =BAD PATH= Call Stack: 0 msgctl_stat 1 __se_sys_msgctl 2 __x64_sys_msgctl ------------- Path:  Function:__x64_sys_msgctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_msgctl(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_msgctl %4 = alloca %struct.msqid64_ds, align 8 %5 = alloca %struct.msginfo, align 4 %6 = trunc i64 %0 to i32 %7 = trunc i64 %1 to i32 %8 = bitcast %struct.msqid64_ds* %4 to i8* %9 = or i64 %1, %0 %10 = trunc i64 %9 to i32 %11 = icmp sgt i32 %10, -1 br i1 %11, label %12, label %103 %13 = tail call %struct.task_struct.243821* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.243821** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.243821**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.243821, %struct.task_struct.243821* %13, i64 0, i32 86 %15 = load %struct.nsproxy.243763*, %struct.nsproxy.243763** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.243763, %struct.nsproxy.243763* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %16, align 8 switch i32 %7, label %103 [ i32 3, label %18 i32 12, label %18 i32 11, label %78 i32 13, label %78 i32 2, label %78 i32 1, label %89 i32 0, label %100 ] %79 = call fastcc i32 @msgctl_stat(%struct.ipc_namespace.243034* %17, i32 %6, i32 %7, %struct.msqid64_ds* nonnull %4) #69 Function:msgctl_stat %5 = bitcast %struct.msqid64_ds* %3 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %6 = icmp eq i32 %2, 13 switch i32 %2, label %14 [ i32 13, label %7 i32 11, label %7 ] %15 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %0, i64 0, i32 1, i64 1 %16 = tail call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %15, i32 %1) #69 %17 = icmp ugt %struct.kern_ipc_perm* %16, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %17, label %18, label %21 %22 = phi %struct.kern_ipc_perm* [ %9, %7 ], [ %16, %14 ] br i1 %6, label %23, label %33 %34 = tail call i32 @ipcperms(%struct.ipc_namespace.243034* %0, %struct.kern_ipc_perm* %22, i16 signext 292) #69 ------------- Good: 4 Bad: 44 Ignored: 0 Check Use of Function:x86_pmu_aux_output_match Check Use of Function:vfs_clean_context Check Use of Function:anon_inode_getfd Use: =BAD PATH= Call Stack: 0 __se_sys_pidfd_open 1 __ia32_sys_pidfd_open ------------- Path:  Function:__ia32_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %4, i64 %7) #69 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = icmp ne i32 %4, 0 %6 = icmp slt i32 %3, 1 %7 = or i1 %6, %5 br i1 %7, label %96, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !5 %10 = getelementptr inbounds %struct.task_struct.50083, %struct.task_struct.50083* %9, i64 0, i32 58 %11 = load %struct.pid.49683*, %struct.pid.49683** %10, align 64 %12 = icmp eq %struct.pid.49683* %11, null br i1 %12, label %19, label %13 %14 = getelementptr inbounds %struct.pid.49683, %struct.pid.49683* %11, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.pid.49683, %struct.pid.49683* %11, i64 0, i32 5, i64 %16, i32 1 %18 = load %struct.pid_namespace.50085*, %struct.pid_namespace.50085** %17, align 8 br label %19 %20 = phi %struct.pid_namespace.50085* [ %18, %13 ], [ null, %8 ] %21 = getelementptr inbounds %struct.pid_namespace.50085, %struct.pid_namespace.50085* %20, i64 0, i32 1 %22 = and i64 %0, 4294967295 %23 = tail call i8* @idr_find(%struct.idr* %21, i64 %22) #69 %24 = icmp eq i8* %23, null br i1 %24, label %34, label %25 %26 = bitcast i8* %23 to %union.anon.21* %27 = bitcast i8* %23 to i32* %28 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %27, i32 1, i32* nonnull %27) #6, !srcloc !6 %29 = icmp eq i32 %28, 0 br i1 %29, label %35, label %30, !prof !7, !misexpect !8 %31 = add i32 %28, 1 %32 = or i32 %31, %28 %33 = icmp sgt i32 %32, -1 br i1 %33, label %37, label %35, !prof !9, !misexpect !8 %36 = phi i32 [ 2, %25 ], [ 1, %30 ] tail call void @refcount_warn_saturate(%union.anon.21* nonnull %26, i32 %36) #69 br label %37 %38 = bitcast i8* %23 to %struct.pid.49683* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %39 = getelementptr i8, i8* %23, i64 16 %40 = bitcast i8* %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 %43 = inttoptr i64 %41 to i8* %44 = getelementptr i8, i8* %43, i64 -1304 %45 = icmp eq i8* %44, null %46 = or i1 %42, %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br i1 %46, label %76, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %27, i32 1, i32* nonnull %27) #6, !srcloc !6 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !7, !misexpect !8 %51 = add i32 %48, 1 %52 = or i32 %51, %48 %53 = icmp sgt i32 %52, -1 br i1 %53, label %56, label %54, !prof !9, !misexpect !8 %55 = phi i32 [ 2, %47 ], [ 1, %50 ] tail call void @refcount_warn_saturate(%union.anon.21* nonnull %26, i32 %55) #69 br label %56 %57 = tail call i32 bitcast (i32 (i8*, %struct.file_operations.138735*, i8*, i32)* @anon_inode_getfd to i32 (i8*, %struct.file_operations.49680*, i8*, i32)*)(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.5804, i64 0, i64 0), %struct.file_operations.49680* nonnull bitcast (%struct.file_operations.42998* @pidfd_fops to %struct.file_operations.49680*), i8* nonnull %23, i32 524290) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_pidfd_open 1 __x64_sys_pidfd_open ------------- Path:  Function:__x64_sys_pidfd_open %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_pidfd_open(i64 %3, i64 %5) #69 Function:__se_sys_pidfd_open %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = icmp ne i32 %4, 0 %6 = icmp slt i32 %3, 1 %7 = or i1 %6, %5 br i1 %7, label %96, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = tail call %struct.task_struct.50083* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.50083** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.50083**)) #10, !srcloc !5 %10 = getelementptr inbounds %struct.task_struct.50083, %struct.task_struct.50083* %9, i64 0, i32 58 %11 = load %struct.pid.49683*, %struct.pid.49683** %10, align 64 %12 = icmp eq %struct.pid.49683* %11, null br i1 %12, label %19, label %13 %14 = getelementptr inbounds %struct.pid.49683, %struct.pid.49683* %11, i64 0, i32 1 %15 = load i32, i32* %14, align 4 %16 = zext i32 %15 to i64 %17 = getelementptr %struct.pid.49683, %struct.pid.49683* %11, i64 0, i32 5, i64 %16, i32 1 %18 = load %struct.pid_namespace.50085*, %struct.pid_namespace.50085** %17, align 8 br label %19 %20 = phi %struct.pid_namespace.50085* [ %18, %13 ], [ null, %8 ] %21 = getelementptr inbounds %struct.pid_namespace.50085, %struct.pid_namespace.50085* %20, i64 0, i32 1 %22 = and i64 %0, 4294967295 %23 = tail call i8* @idr_find(%struct.idr* %21, i64 %22) #69 %24 = icmp eq i8* %23, null br i1 %24, label %34, label %25 %26 = bitcast i8* %23 to %union.anon.21* %27 = bitcast i8* %23 to i32* %28 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %27, i32 1, i32* nonnull %27) #6, !srcloc !6 %29 = icmp eq i32 %28, 0 br i1 %29, label %35, label %30, !prof !7, !misexpect !8 %31 = add i32 %28, 1 %32 = or i32 %31, %28 %33 = icmp sgt i32 %32, -1 br i1 %33, label %37, label %35, !prof !9, !misexpect !8 %36 = phi i32 [ 2, %25 ], [ 1, %30 ] tail call void @refcount_warn_saturate(%union.anon.21* nonnull %26, i32 %36) #69 br label %37 %38 = bitcast i8* %23 to %struct.pid.49683* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %39 = getelementptr i8, i8* %23, i64 16 %40 = bitcast i8* %39 to i64* %41 = load volatile i64, i64* %40, align 8 %42 = icmp eq i64 %41, 0 %43 = inttoptr i64 %41 to i8* %44 = getelementptr i8, i8* %43, i64 -1304 %45 = icmp eq i8* %44, null %46 = or i1 %42, %45 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 br i1 %46, label %76, label %47 %48 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* nonnull %27, i32 1, i32* nonnull %27) #6, !srcloc !6 %49 = icmp eq i32 %48, 0 br i1 %49, label %54, label %50, !prof !7, !misexpect !8 %51 = add i32 %48, 1 %52 = or i32 %51, %48 %53 = icmp sgt i32 %52, -1 br i1 %53, label %56, label %54, !prof !9, !misexpect !8 %55 = phi i32 [ 2, %47 ], [ 1, %50 ] tail call void @refcount_warn_saturate(%union.anon.21* nonnull %26, i32 %55) #69 br label %56 %57 = tail call i32 bitcast (i32 (i8*, %struct.file_operations.138735*, i8*, i32)* @anon_inode_getfd to i32 (i8*, %struct.file_operations.49680*, i8*, i32)*)(i8* getelementptr inbounds ([8 x i8], [8 x i8]* @.str.4.5804, i64 0, i64 0), %struct.file_operations.49680* nonnull bitcast (%struct.file_operations.42998* @pidfd_fops to %struct.file_operations.49680*), i8* nonnull %23, i32 524290) #69 ------------- Good: 7 Bad: 2 Ignored: 0 Check Use of Function:pci_user_read_config_byte Check Use of Function:__break_lease Use: =BAD PATH= Call Stack: 0 notify_change 1 file_remove_privs 2 __generic_file_write_iter 3 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %25 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %26 = load i64, i64* %25, align 8 %27 = icmp eq i64 %26, 0 br i1 %27, label %66, label %28 %29 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %30 = load i64, i64* %29, align 8 %31 = icmp sgt i64 %11, %30 br i1 %31, label %32, label %66 %33 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 4 %34 = load i32, i32* %33, align 8 %35 = and i32 %34, 132 %36 = icmp eq i32 %35, 128 br i1 %36, label %66, label %37 %38 = sub i64 %11, %30 %39 = icmp ugt i64 %26, %38 br i1 %39, label %40, label %42 %41 = sub i64 %26, %38 store i64 %38, i64* %25, align 8 br label %42 %43 = phi i64 [ %41, %40 ], [ 0, %37 ] call void @blk_start_plug(%struct.blk_plug* nonnull %3) #69 %44 = call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @__generic_file_write_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:__generic_file_write_iter %3 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %4 = load %struct.file.108469*, %struct.file.108469** %3, align 8 %5 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %4, i64 0, i32 19 %6 = load %struct.address_space.108233*, %struct.address_space.108233** %5, align 8 %7 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %6, i64 0, i32 0 %8 = load %struct.inode.108461*, %struct.inode.108461** %7, align 8 %9 = icmp eq %struct.inode.108461* %8, null br i1 %9, label %22, label %10 %23 = phi %struct.backing_dev_info.108215* [ %18, %15 ], [ %21, %19 ], [ @noop_backing_dev_info, %2 ] %24 = tail call %struct.task_struct.108433* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.108433** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.108433**)) #10, !srcloc !4 %25 = getelementptr inbounds %struct.task_struct.108433, %struct.task_struct.108433* %24, i64 0, i32 113 store %struct.backing_dev_info.108215* %23, %struct.backing_dev_info.108215** %25, align 8 %26 = tail call i32 bitcast (i32 (%struct.file.136874*)* @file_remove_privs to i32 (%struct.file.108469*)*)(%struct.file.108469* %4) #69 Function:file_remove_privs %2 = alloca %struct.iattr.136912, align 8 %3 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 1, i32 1 %4 = load %struct.dentry.136910*, %struct.dentry.136910** %3, align 8 %5 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %4, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 67108864 %8 = icmp eq i32 %7, 0 br i1 %8, label %17, label %9, !prof !4, !misexpect !5 %18 = phi %struct.dentry.136910* [ %16, %9 ], [ %4, %1 ] %19 = getelementptr inbounds %struct.file.136874, %struct.file.136874* %0, i64 0, i32 2 %20 = load %struct.inode.136922*, %struct.inode.136922** %19, align 8 %21 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 4 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 4096 %24 = icmp eq i32 %23, 0 br i1 %24, label %25, label %88 %26 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %20, i64 0, i32 0 %27 = load i16, i16* %26, align 8 %28 = and i16 %27, -4096 %29 = icmp eq i16 %28, -32768 br i1 %29, label %30, label %88 %31 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %18, i64 0, i32 5 %32 = load %struct.inode.136922*, %struct.inode.136922** %31, align 8 %33 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 4 %34 = load i32, i32* %33, align 4 %35 = and i32 %34, 4096 %36 = icmp eq i32 %35, 0 br i1 %36, label %37, label %70 %38 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %32, i64 0, i32 0 %39 = load i16, i16* %38, align 8 %40 = zext i16 %39 to i32 %41 = and i32 %40, 2048 %42 = and i32 %40, 1032 %43 = icmp eq i32 %42, 1032 %44 = or i32 %41, 4096 %45 = select i1 %43, i32 %44, i32 %41, !prof !6 %46 = icmp eq i32 %45, 0 br i1 %46, label %52, label %47 %48 = tail call zeroext i1 @capable(i32 4) #69 %49 = and i32 %40, 61440 %50 = icmp ne i32 %49, 32768 %51 = or i1 %50, %48 br i1 %51, label %52, label %53 br label %53 %54 = phi i32 [ 0, %52 ], [ %45, %47 ] %55 = tail call i32 bitcast (i32 (%struct.dentry.112781*)* @security_inode_need_killpriv to i32 (%struct.dentry.136910*)*)(%struct.dentry.136910* %18) #69 %56 = icmp slt i32 %55, 0 br i1 %56, label %88, label %57 %58 = icmp eq i32 %55, 0 %59 = or i32 %54, 16384 %60 = select i1 %58, i32 %54, i32 %59 %61 = icmp slt i32 %60, 0 br i1 %61, label %88, label %62 %63 = icmp eq i32 %60, 0 br i1 %63, label %70, label %64 %65 = bitcast %struct.iattr.136912* %2 to i8* %66 = or i32 %60, 512 %67 = getelementptr inbounds %struct.iattr.136912, %struct.iattr.136912* %2, i64 0, i32 0 store i32 %66, i32* %67, align 8 %68 = call i32 bitcast (i32 (%struct.dentry.137143*, %struct.iattr.137257*, %struct.inode.137152**)* @notify_change to i32 (%struct.dentry.136910*, %struct.iattr.136912*, %struct.inode.136922**)*)(%struct.dentry.136910* %18, %struct.iattr.136912* nonnull %2, %struct.inode.136922** null) #69 Function:notify_change %4 = getelementptr inbounds %struct.dentry.137143, %struct.dentry.137143* %0, i64 0, i32 5 %5 = load %struct.inode.137152*, %struct.inode.137152** %4, align 8 %6 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 0 %7 = load i16, i16* %6, align 8 %8 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 0 %9 = load i32, i32* %8, align 8 %10 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 24, i32 0, i32 0 %11 = load volatile i64, i64* %10, align 8 %12 = icmp eq i64 %11, 0 br i1 %12, label %13, label %14, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([10 x i8], [10 x i8]* @.str.15360, i64 0, i64 0), i32 233, i32 2307, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 105) #6, !srcloc !7 br label %14 %15 = and i32 %9, 65543 %16 = icmp eq i32 %15, 0 br i1 %16, label %22, label %17 %18 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 12 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %247 %23 = and i32 %9, 131072 %24 = icmp eq i32 %23, 0 br i1 %24, label %35, label %25 %26 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 4 %27 = load i32, i32* %26, align 4 %28 = and i32 %27, 8 %29 = icmp eq i32 %28, 0 br i1 %29, label %30, label %247 %31 = tail call zeroext i1 bitcast (i1 (%struct.inode.136922*)* @inode_owner_or_capable to i1 (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 br i1 %31, label %35, label %32 %33 = tail call i32 bitcast (i32 (%struct.inode.134289*, i32)* @inode_permission to i32 (%struct.inode.137152*, i32)*)(%struct.inode.137152* %5, i32 2) #69 %34 = icmp eq i32 %33, 0 br i1 %34, label %35, label %247 %36 = and i32 %9, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %51, label %38 %39 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 1 %40 = load i16, i16* %39, align 4 %41 = zext i16 %40 to i32 %42 = and i32 %41, 2048 %43 = icmp ne i32 %42, 0 %44 = and i32 %41, 1032 %45 = icmp eq i32 %44, 1032 %46 = or i1 %43, %45 br i1 %46, label %47, label %51 %52 = tail call { i64, i64 } bitcast ({ i64, i64 } (%struct.inode.136922*)* @current_time to { i64, i64 } (%struct.inode.137152*)*)(%struct.inode.137152* %5) #69 %53 = extractvalue { i64, i64 } %52, 0 %54 = extractvalue { i64, i64 } %52, 1 %55 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 0 store i64 %53, i64* %55, align 8 %56 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 7, i32 1 store i64 %54, i64* %56, align 8 %57 = trunc i32 %9 to i8 %58 = icmp sgt i8 %57, -1 %59 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 0 br i1 %58, label %60, label %62 %63 = load i64, i64* %59, align 8 %64 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 5, i32 1 %65 = load i64, i64* %64, align 8 %66 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %63, i64 %65, %struct.inode.137152* %5) #69 %67 = extractvalue { i64, i64 } %66, 0 %68 = extractvalue { i64, i64 } %66, 1 store i64 %67, i64* %59, align 8 store i64 %68, i64* %64, align 8 br label %69 %70 = and i32 %9, 256 %71 = icmp eq i32 %70, 0 %72 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 0 br i1 %71, label %73, label %75 %76 = load i64, i64* %72, align 8 %77 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 6, i32 1 %78 = load i64, i64* %77, align 8 %79 = tail call { i64, i64 } bitcast ({ i64, i64 } (i64, i64, %struct.inode.136922*)* @timestamp_truncate to { i64, i64 } (i64, i64, %struct.inode.137152*)*)(i64 %76, i64 %78, %struct.inode.137152* %5) #69 %80 = extractvalue { i64, i64 } %79, 0 %81 = extractvalue { i64, i64 } %79, 1 store i64 %80, i64* %72, align 8 store i64 %81, i64* %77, align 8 br label %82 %83 = and i32 %9, 16384 %84 = icmp eq i32 %83, 0 br i1 %84, label %94, label %85 %95 = phi i32 [ %36, %82 ], [ %36, %88 ], [ %93, %90 ] %96 = phi i32 [ %9, %82 ], [ %9, %88 ], [ %92, %90 ] %97 = and i32 %96, 6144 %98 = icmp eq i32 %97, 0 %99 = icmp eq i32 %95, 0 %100 = or i1 %98, %99 br i1 %100, label %102, label %101 %103 = and i32 %96, 2048 %104 = icmp eq i32 %103, 0 %105 = and i16 %7, 2048 %106 = icmp eq i16 %105, 0 %107 = or i1 %106, %104 br i1 %107, label %114, label %108 %115 = phi i32 [ %110, %108 ], [ %96, %102 ] %116 = and i32 %115, 4096 %117 = icmp ne i32 %116, 0 %118 = and i16 %7, 1032 %119 = icmp eq i16 %118, 1032 %120 = and i1 %119, %117 br i1 %120, label %121, label %137 %138 = phi i32 [ %134, %132 ], [ %115, %114 ] %139 = load i32, i32* %8, align 8 %140 = and i32 %139, -6145 %141 = icmp eq i32 %140, 0 br i1 %141, label %247, label %142 %143 = and i32 %138, 2 %144 = icmp eq i32 %143, 0 br i1 %144, label %149, label %145 %146 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 2, i32 0 %147 = load i32, i32* %146, align 8 %148 = icmp eq i32 %147, -1 br i1 %148, label %247, label %149 %150 = and i32 %138, 4 %151 = icmp eq i32 %150, 0 br i1 %151, label %156, label %152 %153 = getelementptr inbounds %struct.iattr.137257, %struct.iattr.137257* %1, i64 0, i32 3, i32 0 %154 = load i32, i32* %153, align 4 %155 = icmp eq i32 %154, -1 br i1 %155, label %247, label %156 br i1 %144, label %157, label %161 %158 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 2, i32 0 %159 = load i32, i32* %158, align 4 %160 = icmp eq i32 %159, -1 br i1 %160, label %247, label %161 br i1 %151, label %162, label %166 %163 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 3, i32 0 %164 = load i32, i32* %163, align 8 %165 = icmp eq i32 %164, -1 br i1 %165, label %247, label %166 %167 = tail call i32 bitcast (i32 (%struct.dentry.112781*, %struct.iattr.112338*)* @security_inode_setattr to i32 (%struct.dentry.137143*, %struct.iattr.137257*)*)(%struct.dentry.137143* %0, %struct.iattr.137257* %1) #69 %168 = icmp eq i32 %167, 0 br i1 %168, label %169, label %247 tail call void asm sideeffect "lock; addl $$0,-4(%rsp)", "~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %170 = getelementptr inbounds %struct.inode.137152, %struct.inode.137152* %5, i64 0, i32 40 %171 = load %struct.file_lock_context*, %struct.file_lock_context** %170, align 8 %172 = icmp eq %struct.file_lock_context* %171, null br i1 %172, label %190, label %173 %174 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %171, i64 0, i32 3 %175 = getelementptr inbounds %struct.list_head, %struct.list_head* %174, i64 0, i32 0 %176 = load %struct.list_head*, %struct.list_head** %175, align 8 %177 = icmp eq %struct.list_head* %176, %174 br i1 %177, label %178, label %182 %179 = getelementptr inbounds %struct.file_lock_context, %struct.file_lock_context* %171, i64 0, i32 3, i32 1 %180 = load %struct.list_head*, %struct.list_head** %179, align 8 %181 = icmp eq %struct.list_head* %180, %174 br i1 %181, label %190, label %182 %183 = tail call i32 bitcast (i32 (%struct.inode.43174*, i32, i32)* @__break_lease to i32 (%struct.inode.137152*, i32, i32)*)(%struct.inode.137152* %5, i32 2049, i32 4) #69 ------------- Good: 28 Bad: 1 Ignored: 27 Check Use of Function:user_shm_lock Check Use of Function:pci_config_pm_runtime_get Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* bitcast (i8* (%struct.inode.162997*)* @PDE_DATA to i8* (%struct.inode*)*)(%struct.inode* %6) #69 %8 = bitcast i8* %7 to %struct.pci_dev.296182* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 896 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = icmp sgt i32 %13, %10 br i1 %19, label %20, label %123 %21 = sext i32 %13 to i64 %22 = icmp ugt i64 %21, %2 %23 = select i1 %22, i64 %2, i64 %21 %24 = shl i64 %9, 32 %25 = ashr exact i64 %24, 32 %26 = add i64 %23, %25 %27 = icmp ugt i64 %26, %21 %28 = sub i32 %13, %10 %29 = sext i32 %28 to i64 %30 = select i1 %27, i64 %29, i64 %23 %31 = trunc i64 %30 to i32 %32 = shl i64 %30, 32 %33 = ashr exact i64 %32, 32 %34 = tail call %struct.task_struct* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct** nonnull @current_task) #10, !srcloc !4 %35 = getelementptr inbounds %struct.task_struct, %struct.task_struct* %34, i64 0, i32 163, i32 17, i32 0 %36 = load i64, i64* %35, align 8 %37 = ptrtoint i8* %1 to i64 %38 = add i64 %33, %37 %39 = icmp ult i64 %38, %33 %40 = icmp ugt i64 %38, %36 %41 = or i1 %39, %40 br i1 %41, label %123, label %42, !prof !5, !misexpect !6 tail call void bitcast (void (%struct.pci_dev.291277*)* @pci_config_pm_runtime_get to void (%struct.pci_dev.296182*)*)(%struct.pci_dev.296182* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -3, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pci_dev.291277* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 112 %16 = bitcast %struct.list_head** %15 to i32* %17 = load i32, i32* %16, align 8 %18 = sext i32 %17 to i64 %19 = icmp slt i64 %18, %4 br i1 %19, label %123, label %20 %21 = add i64 %5, %4 %22 = icmp ugt i64 %21, %18 %23 = trunc i64 %4 to i32 %24 = sub i32 %17, %23 %25 = zext i32 %24 to i64 %26 = select i1 %22, i32 %24, i32 %9 %27 = select i1 %22, i64 %25, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.291277* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -3, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pci_dev.291277* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = getelementptr inbounds %struct.list_head*, %struct.list_head** %7, i64 112 %16 = bitcast %struct.list_head** %15 to i32* %17 = load i32, i32* %16, align 8 %18 = sext i32 %17 to i64 %19 = icmp slt i64 %18, %4 br i1 %19, label %123, label %20 %21 = add i64 %5, %4 %22 = icmp ugt i64 %21, %18 %23 = trunc i64 %4 to i32 %24 = sub i32 %17, %23 %25 = zext i32 %24 to i64 %26 = select i1 %22, i32 %24, i32 %9 %27 = select i1 %22, i64 %25, i64 %5 tail call void @pci_config_pm_runtime_get(%struct.pci_dev.291277* %8) #69 ------------- Good: 2 Bad: 3 Ignored: 3 Check Use of Function:kthread_park Check Use of Function:ext4_xattr_security_get Check Use of Function:d_lookup Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.18.17503, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #69 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.19.17504, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #69 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #69 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #69 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #69 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #70 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #71 ------------- Good: 15 Bad: 1 Ignored: 0 Check Use of Function:msdos_rmdir Check Use of Function:autofs_lookup Check Use of Function:sock_read_iter Check Use of Function:kernfs_iop_rmdir Check Use of Function:security_inode_rmdir Check Use of Function:shmem_rmdir Check Use of Function:fat_trim_fs Check Use of Function:mtrr_add_page Check Use of Function:ext4_rmdir Check Use of Function:do_linkat Use: =BAD PATH= Call Stack: 0 __ia32_sys_link ------------- Path:  Function:__ia32_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i32 @do_linkat(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_link ------------- Path:  Function:__x64_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i32 @do_linkat(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_linkat ------------- Path:  Function:__ia32_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call i32 @do_linkat(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_linkat ------------- Path:  Function:__x64_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call i32 @do_linkat(i32 %14, i8* %6, i32 %15, i8* %11, i32 %16) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:md_ioctl Use: =BAD PATH= Call Stack: 0 md_compat_ioctl ------------- Path:  Function:md_compat_ioctl switch i32 %2, label %5 [ i32 2338, label %7 i32 2344, label %7 i32 2345, label %7 i32 1074006315, label %7 ] %8 = phi i64 [ %6, %5 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ], [ %3, %4 ] %9 = tail call i32 @md_ioctl(%struct.block_device.272975* %0, i32 %1, i32 %2, i64 %8) #69 ------------- Good: 0 Bad: 1 Ignored: 0 Check Use of Function:do_mkdirat Use: =BAD PATH= Call Stack: 0 __ia32_sys_mkdir ------------- Path:  Function:__ia32_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_mkdirat(i32 -100, i8* %7, i16 zeroext %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mkdir ------------- Path:  Function:__x64_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_mkdirat(i32 -100, i8* %4, i16 zeroext %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_mkdirat ------------- Path:  Function:__ia32_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_mkdirat(i32 %9, i8* %10, i16 zeroext %11) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_mkdirat ------------- Path:  Function:__x64_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i16 %11 = tail call i64 @do_mkdirat(i32 %9, i8* %6, i16 zeroext %10) #69 ------------- Good: 1 Bad: 4 Ignored: 0 Check Use of Function:maybe_link Check Use of Function:mqueue_unlink Check Use of Function:bad_inode_unlink Check Use of Function:change_mnt_propagation Check Use of Function:shmem_create Check Use of Function:sock_write_iter Check Use of Function:autofs_dir_unlink Check Use of Function:ext4_unlink Check Use of Function:filp_open Check Use of Function:ext4_double_down_write_data_sem Check Use of Function:unregister_netdevice_queue Check Use of Function:__rseq_handle_notify_resume Check Use of Function:user_disable_single_step Check Use of Function:do_group_exit Use: =BAD PATH= Call Stack: 0 __do_sys_exit_group 1 __se_sys_exit_group 2 __ia32_sys_exit_group ------------- Path:  Function:__ia32_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 tail call fastcc void @__se_sys_exit_group(i64 %4) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 __do_sys_exit_group 1 __se_sys_exit_group 2 __x64_sys_exit_group ------------- Path:  Function:__x64_sys_exit_group %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 tail call fastcc void @__se_sys_exit_group(i64 %3) #69 Function:__se_sys_exit_group %2 = trunc i64 %0 to i32 tail call fastcc void @__do_sys_exit_group(i32 %2) #69 Function:__do_sys_exit_group %2 = shl i32 %0, 8 %3 = and i32 %2, 65280 tail call void @do_group_exit(i32 %3) #69 ------------- Good: 2 Bad: 2 Ignored: 0 Check Use of Function:tty_kref_put Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 %42 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 13, i32 0, i32 0 %43 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %42) #69 %44 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 19 %45 = load %struct.pid.42861*, %struct.pid.42861** %44, align 8 %46 = icmp eq %struct.pid.42861* %45, null br i1 %46, label %56, label %47 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %42, i64 %43) #69 br label %64 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 %42 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 13, i32 0, i32 0 %43 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %42) #69 %44 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 19 %45 = load %struct.pid.42861*, %struct.pid.42861** %44, align 8 %46 = icmp eq %struct.pid.42861* %45, null br i1 %46, label %56, label %47 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %42, i64 %43) #69 br label %64 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl 3 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 %42 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 13, i32 0, i32 0 %43 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %42) #69 %44 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 19 %45 = load %struct.pid.42861*, %struct.pid.42861** %44, align 8 %46 = icmp eq %struct.pid.42861* %45, null br i1 %46, label %56, label %47 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %42, i64 %43) #69 br label %64 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 disassociate_ctty 1 tty_jobctrl_ioctl 2 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 %42 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 13, i32 0, i32 0 %43 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %42) #69 %44 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 19 %45 = load %struct.pid.42861*, %struct.pid.42861** %44, align 8 %46 = icmp eq %struct.pid.42861* %45, null br i1 %46, label %56, label %47 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %42, i64 %43) #69 br label %64 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_clear_tty 1 ksys_setsid 2 __x64_sys_setsid ------------- Path:  Function:__x64_sys_setsid %2 = tail call i32 @ksys_setsid() #69 Function:ksys_setsid %1 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %2 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %1, i64 0, i32 55 %3 = load %struct.task_struct.43108*, %struct.task_struct.43108** %2, align 8 %4 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %3, i64 0, i32 58 %5 = load %struct.pid.42861*, %struct.pid.42861** %4, align 64 %6 = tail call i32 bitcast (i32 (%struct.pid.49683*)* @pid_vnr to i32 (%struct.pid.42861*)*)(%struct.pid.42861* %5) #69 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %7 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %3, i64 0, i32 87 %8 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %7, align 8 %9 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %8, i64 0, i32 23 %10 = load i32, i32* %9, align 8 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %33 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @pid_task to %struct.task_struct.43108* (%struct.pid.42861*, i32)*)(%struct.pid.42861* %5, i32 2) #69 %14 = icmp eq %struct.task_struct.43108* %13, null br i1 %14, label %15, label %33 %16 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %7, align 8 %17 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %16, i64 0, i32 23 store i32 1, i32* %17, align 8 %18 = load %struct.task_struct.43108*, %struct.task_struct.43108** %2, align 8 %19 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %18, i64 0, i32 87 %20 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %19, align 8 %21 = getelementptr %struct.signal_struct.43021, %struct.signal_struct.43021* %20, i64 0, i32 21, i64 3 %22 = load %struct.pid.42861*, %struct.pid.42861** %21, align 8 %23 = icmp eq %struct.pid.42861* %22, %5 br i1 %23, label %26, label %24 tail call void bitcast (void (%struct.task_struct.50083*, i32, %struct.pid.49683*)* @change_pid to void (%struct.task_struct.43108*, i32, %struct.pid.42861*)*)(%struct.task_struct.43108* %18, i32 3, %struct.pid.42861* %5) #69 %25 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %19, align 8 br label %26 %27 = phi %struct.signal_struct.43021* [ %20, %15 ], [ %25, %24 ] %28 = getelementptr %struct.signal_struct.43021, %struct.signal_struct.43021* %27, i64 0, i32 21, i64 2 %29 = load %struct.pid.42861*, %struct.pid.42861** %28, align 8 %30 = icmp eq %struct.pid.42861* %29, %5 br i1 %30, label %32, label %31 tail call void bitcast (void (%struct.task_struct.339648*)* @proc_clear_tty to void (%struct.task_struct.43108*)*)(%struct.task_struct.43108* %3) #69 Function:proc_clear_tty %2 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %0, i64 0, i32 88 %3 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 32 %4 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %3, i64 0, i32 0, i32 0, i32 0 %5 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %4) #69 %6 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %0, i64 0, i32 87 %7 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %6, align 8 %8 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %7, i64 0, i32 24 %9 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %8, align 8 store %struct.tty_struct.339591* null, %struct.tty_struct.339591** %8, align 8 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %2, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %11, i64 %5) #69 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_port_open 1 uart_open ------------- Path:  Function:uart_open %3 = getelementptr inbounds %struct.tty_struct.343708, %struct.tty_struct.343708* %0, i64 0, i32 37 %4 = bitcast i8** %3 to %struct.uart_state** %5 = load %struct.uart_state*, %struct.uart_state** %4, align 8 %6 = getelementptr inbounds %struct.uart_state, %struct.uart_state* %5, i64 0, i32 0 %7 = tail call i32 bitcast (i32 (%struct.tty_port.338443*, %struct.tty_struct.338440*, %struct.file.338383*)* @tty_port_open to i32 (%struct.tty_port.343701*, %struct.tty_struct.343708*, %struct.file.343648*)*)(%struct.tty_port.343701* %6, %struct.tty_struct.343708* %0, %struct.file.343648* %1) #69 Function:tty_port_open %4 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 5 %5 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %4, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock_irq(%struct.raw_spinlock* %5) #69 %6 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 7 %7 = load i32, i32* %6, align 8 %8 = add i32 %7, 1 store i32 %8, i32* %6, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = bitcast %struct.spinlock* %4 to i8* store volatile i8 0, i8* %9, align 1 tail call void asm sideeffect "sti", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %10 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 5, i32 0, i32 0 %11 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %10) #69 %12 = getelementptr inbounds %struct.tty_port.338443, %struct.tty_port.338443* %0, i64 0, i32 1 %13 = load %struct.tty_struct.338440*, %struct.tty_struct.338440** %12, align 8 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_kref_put to void (%struct.tty_struct.338440*)*)(%struct.tty_struct.338440* %13) #69 ------------- Good: 21 Bad: 6 Ignored: 24 Check Use of Function:suspend_devices_and_enter Check Use of Function:__tcf_block_find Check Use of Function:follow_managed Check Use of Function:filter_match_preds Use: =BAD PATH= Call Stack: 0 event_triggers_call 1 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 br label %70 %71 = getelementptr inbounds i8, i8* %69, i64 8 %72 = bitcast i8* %71 to i64* store i64 ptrtoint (i8* blockaddress(@tracing_mark_write, %70) to i64), i64* %72, align 8 %73 = getelementptr inbounds i8, i8* %69, i64 16 %75 = call { i32, i8*, i8*, i32, i64 } asm sideeffect "# ALT: oldinstr2\0A661:\0A\09call ${5:P}\0A662:\0A# ALT: padding2\0A.skip -((((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)) > 0) * (((6651f-6641f) ^ (((6651f-6641f) ^ (6652f-6642f)) & -(-((6651f-6641f) < (6652f-6642f))))) - (662b-661b)), 0x90\0A663:\0A.pushsection .altinstructions,\22a\22\0A .long 661b - .\0A .long 6641f - .\0A .word ( 3*32+16)\0A .byte 663b-661b\0A .byte 6651f-6641f\0A .byte 663b-662b\0A .long 661b - .\0A .long 6642f - .\0A .word ( 9*32+ 9)\0A .byte 663b-661b\0A .byte 6652f-6642f\0A .byte 663b-662b\0A.popsection\0A.pushsection .altinstr_replacement, \22ax\22\0A# ALT: replacement 1\0A6641:\0A\09call ${6:P}\0A6651:\0A# ALT: replacement 2\0A6642:\0A\09call ${7:P}\0A6652:\0A.popsection\0A", "={ax},={di},={si},={dx},={rsp},i,i,i,1,2,3,4,~{memory},~{rcx},~{r8},~{r9},~{r10},~{r11},~{dirflag},~{fpsr},~{flags}"(i64 (i8*, i8*, i32)* nonnull @copy_user_generic_unrolled, i64 (i8*, i8*, i32)* nonnull @copy_user_generic_string, i64 (i8*, i8*, i32)* nonnull @copy_user_enhanced_fast_string, i8* %73, i8* %1, i32 %20, i64 %74) #6, !srcloc !8 %76 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 0 %77 = extractvalue { i32, i8*, i8*, i32, i64 } %75, 4 %78 = icmp eq i32 %76, 0 br i1 %78, label %80, label %79 %81 = phi i64 [ -14, %79 ], [ %17, %70 ] %82 = phi i64 [ 9, %79 ], [ %17, %70 ] %83 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 25 %84 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %85 = icmp eq %struct.trace_event_file.96777* %84, null br i1 %85, label %96, label %86 %87 = getelementptr inbounds %struct.trace_event_file.96777, %struct.trace_event_file.96777* %84, i64 0, i32 6 %88 = bitcast %struct.list_head* %87 to i64* %89 = load volatile i64, i64* %88, align 8 %90 = inttoptr i64 %89 to %struct.list_head* %91 = icmp eq %struct.list_head* %87, %90 br i1 %91, label %96, label %92 %93 = getelementptr i8, i8* %73, i64 %82 store i8 0, i8* %93, align 1 %94 = load %struct.trace_event_file.96777*, %struct.trace_event_file.96777** %83, align 8 %95 = call i32 bitcast (i32 (%struct.trace_event_file.99861*, i8*, %struct.ring_buffer_event*)* @event_triggers_call to i32 (%struct.trace_event_file.96777*, i8*, %struct.ring_buffer_event*)*)(%struct.trace_event_file.96777* %94, i8* %69, %struct.ring_buffer_event* nonnull %27) #69 Function:event_triggers_call %4 = getelementptr inbounds %struct.trace_event_file.99861, %struct.trace_event_file.99861* %0, i64 0, i32 6 %5 = bitcast %struct.list_head* %4 to i64* %6 = load volatile i64, i64* %5, align 8 %7 = inttoptr i64 %6 to %struct.list_head* %8 = icmp eq %struct.list_head* %4, %7 br i1 %8, label %64, label %9 %10 = load volatile i64, i64* %5, align 8 %11 = inttoptr i64 %10 to %struct.list_head* %12 = icmp eq %struct.list_head* %4, %11 br i1 %12, label %64, label %13 %14 = icmp eq i8* %1, null br label %15 %16 = phi i64 [ %10, %13 ], [ %61, %58 ] %17 = phi i32 [ 0, %13 ], [ %59, %58 ] %18 = inttoptr i64 %16 to i8* %19 = getelementptr i8, i8* %18, i64 -64 %20 = bitcast i8* %19 to %struct.event_trigger_data* %21 = getelementptr i8, i8* %18, i64 -8 %22 = load i8, i8* %21, align 8, !range !4 %23 = icmp eq i8 %22, 0 br i1 %23, label %24, label %58 br i1 %14, label %25, label %31 %32 = getelementptr i8, i8* %18, i64 -32 %33 = bitcast i8* %32 to i64* %34 = load volatile i64, i64* %33, align 8 %35 = icmp eq i64 %34, 0 br i1 %35, label %40, label %36 %37 = inttoptr i64 %34 to %struct.event_filter* %38 = tail call i32 @filter_match_preds(%struct.event_filter* nonnull %37, i8* nonnull %1) #69 ------------- Good: 111 Bad: 1 Ignored: 9944 Check Use of Function:ring_buffer_discard_commit Check Use of Function:ring_buffer_event_data Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 %31 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %32 = trunc i32 %26 to i8 %33 = getelementptr inbounds i8, i8* %30, i64 3 store i8 %32, i8* %33, align 1 %34 = icmp eq %struct.task_struct.96680* %31, null br i1 %34, label %38, label %35 %36 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 48 %37 = load i32, i32* %36, align 8 br label %38 %39 = phi i32 [ %37, %35 ], [ 0, %29 ] %40 = getelementptr inbounds i8, i8* %30, i64 4 %41 = bitcast i8* %40 to i32* store i32 %39, i32* %41, align 4 %42 = bitcast i8* %30 to i16* store i16 5, i16* %42, align 4 %43 = lshr i64 %19, 9 %44 = trunc i64 %43 to i32 %45 = and i32 %44, 1 %46 = lshr i32 %26, 14 %47 = and i32 %46, 64 %48 = or i32 %47, %45 %49 = and i32 %26, 983040 %50 = icmp eq i32 %49, 0 %51 = select i1 %50, i32 0, i32 8 %52 = lshr i32 %26, 4 %53 = and i32 %52, 16 %54 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %31, i64 0, i32 0, i32 0 %55 = load volatile i64, i64* %54, align 8 %56 = lshr i64 %55, 1 %57 = trunc i64 %56 to i32 %58 = and i32 %57, 4 %59 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %60 = lshr i32 %59, 26 %61 = and i32 %60, 32 %62 = or i32 %48, %53 %63 = or i32 %62, %51 %64 = or i32 %63, %58 %65 = or i32 %64, %61 %66 = trunc i32 %65 to i8 %67 = xor i8 %66, 33 %68 = getelementptr inbounds i8, i8* %30, i64 2 store i8 %67, i8* %68, align 2 %69 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 %28 = icmp eq %struct.ring_buffer_event* %27, null br i1 %28, label %128, label %29 %30 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %27) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 %34 = call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !6 %35 = trunc i32 %29 to i8 %36 = getelementptr inbounds i8, i8* %33, i64 3 store i8 %35, i8* %36, align 1 %37 = icmp eq %struct.task_struct.96680* %34, null br i1 %37, label %41, label %38 %39 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 48 %40 = load i32, i32* %39, align 8 br label %41 %42 = phi i32 [ %40, %38 ], [ 0, %32 ] %43 = getelementptr inbounds i8, i8* %33, i64 4 %44 = bitcast i8* %43 to i32* store i32 %42, i32* %44, align 4 %45 = bitcast i8* %33 to i16* store i16 16, i16* %45, align 4 %46 = lshr i64 %22, 9 %47 = trunc i64 %46 to i32 %48 = and i32 %47, 1 %49 = lshr i32 %29, 14 %50 = and i32 %49, 64 %51 = or i32 %50, %48 %52 = and i32 %29, 983040 %53 = icmp eq i32 %52, 0 %54 = select i1 %53, i32 0, i32 8 %55 = lshr i32 %29, 4 %56 = and i32 %55, 16 %57 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %34, i64 0, i32 0, i32 0 %58 = load volatile i64, i64* %57, align 8 %59 = lshr i64 %58, 1 %60 = trunc i64 %59 to i32 %61 = and i32 %60, 4 %62 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !7 %63 = lshr i32 %62, 26 %64 = and i32 %63, 32 %65 = or i32 %51, %56 %66 = or i32 %65, %54 %67 = or i32 %66, %61 %68 = or i32 %67, %64 %69 = trunc i32 %68 to i8 %70 = xor i8 %69, 33 %71 = getelementptr inbounds i8, i8* %33, i64 2 store i8 %70, i8* %71, align 2 %72 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 %31 = icmp eq %struct.ring_buffer_event* %30, null br i1 %31, label %100, label %32 %33 = call i8* @ring_buffer_event_data(%struct.ring_buffer_event* nonnull %30) #69 ------------- Good: 116 Bad: 4 Ignored: 12480 Check Use of Function:ring_buffer_lock_reserve Use: =BAD PATH= Call Stack: 0 tracing_mark_write ------------- Path:  Function:tracing_mark_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %128 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 br i1 %14, label %128, label %15 %16 = icmp ult i64 %2, 1024 %17 = select i1 %16, i64 %2, i64 1024 %18 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %19 = load i64, i64* %5, align 8 %20 = trunc i64 %17 to i32 %21 = add nuw nsw i64 %17, 18 %22 = icmp ult i64 %17, 9 %23 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %24 = load %struct.ring_buffer*, %struct.ring_buffer** %23, align 8 %25 = select i1 %22, i64 27, i64 %21 %26 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %27 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %24, i64 %25) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_mark_raw_write ------------- Path:  Function:tracing_mark_raw_write %5 = alloca i64, align 8 %6 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.trace_array** %8 = load %struct.trace_array*, %struct.trace_array** %7, align 8 %9 = load i1, i1* @tracing_disabled, align 4 br i1 %9, label %10, label %100 %11 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 13 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 1048576 %14 = icmp eq i32 %13, 0 %15 = add i64 %2, -4 %16 = icmp ugt i64 %15, 3068 %17 = or i1 %16, %14 br i1 %17, label %100, label %18 %19 = icmp ult i64 %2, 1024 %20 = select i1 %19, i64 %2, i64 1024 %21 = bitcast i64* %5 to i8* call void asm sideeffect "# __raw_save_flags\0A\09pushf ; pop $0", "=*rm,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* nonnull %5) #6, !srcloc !4 %22 = load i64, i64* %5, align 8 %23 = trunc i64 %20 to i32 %24 = add nuw nsw i64 %20, 12 %25 = icmp ult i64 %20, 13 %26 = getelementptr inbounds %struct.trace_array, %struct.trace_array* %8, i64 0, i32 2, i32 1 %27 = load %struct.ring_buffer*, %struct.ring_buffer** %26, align 8 %28 = select i1 %25, i64 25, i64 %24 %29 = call i32 asm "movl %gs:$1,$0", "=r,*m,~{dirflag},~{fpsr},~{flags}"(i32* nonnull @__preempt_count) #4, !srcloc !5 %30 = call %struct.ring_buffer_event* @ring_buffer_lock_reserve(%struct.ring_buffer* %27, i64 %28) #69 ------------- Good: 47 Bad: 2 Ignored: 6203 Check Use of Function:_atomic_dec_and_lock Use: =BAD PATH= Call Stack: 0 md_release ------------- Path:  Function:md_release %3 = getelementptr inbounds %struct.gendisk.272974, %struct.gendisk.272974* %0, i64 0, i32 11 %4 = bitcast i8** %3 to %struct.mddev** %5 = load %struct.mddev*, %struct.mddev** %4, align 8 %6 = icmp eq %struct.mddev* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 %9 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 62, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; decl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %9, i32* %9) #6, !srcloc !8 %10 = getelementptr inbounds %struct.mddev, %struct.mddev* %5, i64 0, i32 61 %11 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %10, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 md_open ------------- Path:  Function:md_open %3 = getelementptr inbounds %struct.block_device.272975, %struct.block_device.272975* %0, i64 0, i32 0 %4 = load i32, i32* %3, align 8 %5 = and i32 %4, -1048576 %6 = icmp eq i32 %5, 9437184 %7 = and i32 %4, -64 %8 = select i1 %6, i32 %4, i32 %7 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #69 %9 = load i8*, i8** bitcast (%struct.list_head* @all_mddevs to i8**), align 8 %10 = icmp eq i8* %9, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %10, label %28, label %11 %12 = phi i8* [ %19, %17 ], [ %9, %2 ] %13 = getelementptr i8, i8* %12, i64 -968 %14 = bitcast i8* %13 to i32* %15 = load i32, i32* %14, align 8 %16 = icmp eq i32 %15, %8 br i1 %16, label %21, label %17 %18 = bitcast i8* %12 to i8** %19 = load i8*, i8** %18, align 8 %20 = icmp eq i8* %19, bitcast (%struct.list_head* @all_mddevs to i8*) br i1 %20, label %28, label %11 %29 = phi %struct.mddev* [ null, %21 ], [ %25, %24 ], [ null, %2 ], [ null, %17 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %30 = icmp eq %struct.mddev* %29, null br i1 %30, label %150, label %31 %32 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 11 %33 = load %struct.gendisk.272974*, %struct.gendisk.272974** %32, align 8 %34 = getelementptr inbounds %struct.block_device.272975, %struct.block_device.272975* %0, i64 0, i32 16 %35 = load %struct.gendisk.272974*, %struct.gendisk.272974** %34, align 8 %36 = icmp eq %struct.gendisk.272974* %33, %35 br i1 %36, label %87, label %37 %38 = getelementptr inbounds %struct.mddev, %struct.mddev* %29, i64 0, i32 61 %39 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %38, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Use: =BAD PATH= Call Stack: 0 md_attr_show ------------- Path:  Function:md_attr_show %4 = getelementptr %struct.kobject.273204, %struct.kobject.273204* %0, i64 -2, i32 5 %5 = bitcast %struct.kernfs_node.273093** %4 to %struct.mddev* %6 = getelementptr inbounds %struct.attribute, %struct.attribute* %1, i64 1 %7 = bitcast %struct.attribute* %6 to i64 (%struct.mddev*, i8*)** %8 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %9 = icmp eq i64 (%struct.mddev*, i8*)* %8, null br i1 %9, label %72, label %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @all_mddevs_lock, i64 0, i32 0, i32 0)) #69 %11 = getelementptr inbounds %struct.kernfs_node.273093*, %struct.kernfs_node.273093** %4, i64 123 %12 = bitcast %struct.kernfs_node.273093** %11 to %struct.list_head* %13 = bitcast %struct.kernfs_node.273093** %11 to i64* %14 = load volatile i64, i64* %13, align 8 %15 = inttoptr i64 %14 to %struct.list_head* %16 = icmp eq %struct.list_head* %15, %12 br i1 %16, label %17, label %18 %19 = getelementptr inbounds %struct.kernfs_node.273093*, %struct.kernfs_node.273093** %4, i64 65 %20 = bitcast %struct.kernfs_node.273093** %19 to i32* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incl $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %20, i32* %20) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @all_mddevs_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %21 = load i64 (%struct.mddev*, i8*)*, i64 (%struct.mddev*, i8*)** %7, align 8 %22 = tail call i64 %21(%struct.mddev* %5, i8* %2) #69 %23 = bitcast %struct.kernfs_node.273093** %19 to %struct.kuid_t* %24 = tail call i32 @_atomic_dec_and_lock(%struct.kuid_t* %23, %struct.spinlock* nonnull @all_mddevs_lock) #69 ------------- Good: 21 Bad: 3 Ignored: 24 Check Use of Function:thaw_super Check Use of Function:blk_queue_flag_set Use: =BAD PATH= Call Stack: 0 blk_stat_add_callback 1 blk_poll 2 blkdev_iopoll ------------- Path:  Function:blkdev_iopoll %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr %struct.inode.112777, %struct.inode.112777* %8, i64 -1, i32 40 %10 = getelementptr inbounds %struct.file_lock_context*, %struct.file_lock_context** %9, i64 16 %11 = bitcast %struct.file_lock_context** %10 to %struct.gendisk.112631** %12 = load %struct.gendisk.112631*, %struct.gendisk.112631** %11, align 8 %13 = getelementptr inbounds %struct.gendisk.112631, %struct.gendisk.112631* %12, i64 0, i32 10 %14 = load %struct.request_queue.112608*, %struct.request_queue.112608** %13, align 8 %15 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 7 %16 = load volatile i32, i32* %15, align 4 %17 = tail call i32 bitcast (i32 (%struct.request_queue.272970*, i32, i1)* @blk_poll to i32 (%struct.request_queue.112608*, i32, i1)*)(%struct.request_queue.112608* %14, i32 %16, i1 zeroext %1) #69 Function:blk_poll %4 = alloca %struct.hrtimer_sleeper.277443, align 8 %5 = alloca i64, align 8 %6 = icmp ult i32 %1, -2 br i1 %6, label %7, label %180 %8 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 14 %9 = load volatile i64, i64* %8, align 8 %10 = and i64 %9, 65536 %11 = icmp eq i64 %10, 0 br i1 %11, label %180, label %12 %13 = tail call %struct.task_struct.273163* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.273163** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.273163**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.273163, %struct.task_struct.273163* %13, i64 0, i32 111 %15 = load %struct.blk_plug*, %struct.blk_plug** %14, align 8 %16 = icmp eq %struct.blk_plug* %15, null br i1 %16, label %18, label %17 %19 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 10 %20 = load %struct.blk_mq_hw_ctx.272919**, %struct.blk_mq_hw_ctx.272919*** %19, align 8 %21 = lshr i32 %1, 16 %22 = and i32 %21, 32767 %23 = zext i32 %22 to i64 %24 = getelementptr %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %20, i64 %23 %25 = load %struct.blk_mq_hw_ctx.272919*, %struct.blk_mq_hw_ctx.272919** %24, align 8 %26 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 30 %27 = load i32, i32* %26, align 4 %28 = icmp eq i32 %27, -1 br i1 %28, label %131, label %29 %30 = icmp slt i32 %1, 0 br i1 %30, label %46, label %31 %47 = getelementptr inbounds %struct.blk_mq_hw_ctx.272919, %struct.blk_mq_hw_ctx.272919* %25, i64 0, i32 20 %48 = load %struct.blk_mq_tags.272914*, %struct.blk_mq_tags.272914** %47, align 64 %49 = and i32 %1, 65535 %50 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 0 %51 = load i32, i32* %50, align 8 %52 = icmp ugt i32 %51, %49 br i1 %52, label %53, label %131 %54 = getelementptr inbounds %struct.blk_mq_tags.272914, %struct.blk_mq_tags.272914* %48, i64 0, i32 5 %55 = load %struct.request.272936**, %struct.request.272936*** %54, align 8 %56 = zext i32 %49 to i64 %57 = getelementptr %struct.request.272936*, %struct.request.272936** %55, i64 %56 %58 = bitcast %struct.request.272936** %57 to i8** %59 = load i8*, i8** %58, align 8 %60 = bitcast i8* %59 to %struct.request.272936* %61 = icmp eq i8* %59, null br i1 %61, label %131, label %62 %63 = phi %struct.request.272936* [ %60, %53 ], [ %45, %38 ], [ null, %31 ] %64 = bitcast %struct.hrtimer_sleeper.277443* %4 to i8* %65 = getelementptr inbounds %struct.request.272936, %struct.request.272936* %63, i64 0, i32 4 %66 = load i32, i32* %65, align 4 %67 = and i32 %66, 1048576 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %129 %70 = icmp sgt i32 %27, 0 br i1 %70, label %97, label %71 %72 = load volatile i64, i64* %8, align 8 %73 = and i64 %72, 2097152 %74 = icmp eq i64 %73, 0 br i1 %74, label %75, label %80 %76 = tail call zeroext i1 @blk_queue_flag_test_and_set(i32 21, %struct.request_queue.272970* %0) #69 br i1 %76, label %80, label %77 %78 = getelementptr inbounds %struct.request_queue.272970, %struct.request_queue.272970* %0, i64 0, i32 31 %79 = load %struct.blk_stat_callback.272960*, %struct.blk_stat_callback.272960** %78, align 8 tail call void bitcast (void (%struct.request_queue.278135*, %struct.blk_stat_callback.278129*)* @blk_stat_add_callback to void (%struct.request_queue.272970*, %struct.blk_stat_callback.272960*)*)(%struct.request_queue.272970* %0, %struct.blk_stat_callback.272960* %79) #69 Function:blk_stat_add_callback %3 = tail call i32 @cpumask_next(i32 -1, %struct.cpumask* nonnull @__cpu_possible_mask) #69 %4 = load i32, i32* @nr_cpu_ids, align 4 %5 = icmp ult i32 %3, %4 br i1 %5, label %6, label %35 %7 = getelementptr inbounds %struct.blk_stat_callback.278129, %struct.blk_stat_callback.278129* %1, i64 0, i32 2 %8 = bitcast %struct.blk_rq_stat** %7 to i64* %9 = getelementptr inbounds %struct.blk_stat_callback.278129, %struct.blk_stat_callback.278129* %1, i64 0, i32 4 br label %14 %15 = phi i32 [ %3, %6 ], [ %11, %10 ] %16 = load i64, i64* %8, align 8 %17 = sext i32 %15 to i64 %18 = getelementptr [64 x i64], [64 x i64]* @__per_cpu_offset, i64 0, i64 %17 %19 = load i64, i64* %18, align 8 %20 = add i64 %19, %16 %21 = inttoptr i64 %20 to %struct.blk_rq_stat* %22 = load i32, i32* %9, align 8 %23 = icmp eq i32 %22, 0 br i1 %23, label %10, label %24 %25 = phi i64 [ %31, %24 ], [ 0, %14 ] %26 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %21, i64 %25, i32 1 store i64 -1, i64* %26, align 8 %27 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %21, i64 %25, i32 0 store i64 0, i64* %27, align 8 %28 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %21, i64 %25, i32 3 store i32 0, i32* %28, align 8 %29 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %21, i64 %25, i32 2 store i64 0, i64* %29, align 8 %30 = getelementptr %struct.blk_rq_stat, %struct.blk_rq_stat* %21, i64 %25, i32 4 store i64 0, i64* %30, align 8 %31 = add nuw nsw i64 %25, 1 %32 = load i32, i32* %9, align 8 %33 = zext i32 %32 to i64 %34 = icmp ult i64 %31, %33 br i1 %34, label %24, label %10 %11 = tail call i32 @cpumask_next(i32 %15, %struct.cpumask* nonnull @__cpu_possible_mask) #69 %12 = load i32, i32* @nr_cpu_ids, align 4 %13 = icmp ult i32 %11, %12 br i1 %13, label %14, label %35 %36 = getelementptr inbounds %struct.request_queue.278135, %struct.request_queue.278135* %0, i64 0, i32 2 %37 = load %struct.blk_queue_stats*, %struct.blk_queue_stats** %36, align 8 %38 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %37, i64 0, i32 1, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %38) #69 %39 = getelementptr inbounds %struct.blk_stat_callback.278129, %struct.blk_stat_callback.278129* %1, i64 0, i32 0 %40 = load %struct.blk_queue_stats*, %struct.blk_queue_stats** %36, align 8 %41 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %40, i64 0, i32 0 %42 = getelementptr inbounds %struct.blk_queue_stats, %struct.blk_queue_stats* %40, i64 0, i32 0, i32 1 %43 = load %struct.list_head*, %struct.list_head** %42, align 8 %44 = getelementptr inbounds %struct.blk_stat_callback.278129, %struct.blk_stat_callback.278129* %1, i64 0, i32 0, i32 0 store %struct.list_head* %41, %struct.list_head** %44, align 8 %45 = getelementptr inbounds %struct.blk_stat_callback.278129, %struct.blk_stat_callback.278129* %1, i64 0, i32 0, i32 1 store %struct.list_head* %43, %struct.list_head** %45, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %46 = ptrtoint %struct.blk_stat_callback.278129* %1 to i64 %47 = bitcast %struct.list_head* %43 to i64* store volatile i64 %46, i64* %47, align 8 store %struct.list_head* %39, %struct.list_head** %42, align 8 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_set to void (i32, %struct.request_queue.278135*)*)(i32 20, %struct.request_queue.278135* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.anon.193.488450, align 1 %8 = getelementptr %struct.device.528214, %struct.device.528214* %0, i64 -1, i32 36 %9 = bitcast %struct.iommu_param** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 1 %11 = bitcast %struct.iommu_param** %10 to %struct.scsi_device.528231** %12 = load %struct.scsi_device.528231*, %struct.scsi_device.528231** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.anon.193.488450, %struct.anon.193.488450* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.528231, %struct.scsi_device.528231* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %120 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %29 = bitcast [3 x i8]* %28 to i24* %30 = load i24, i24* %29, align 1 %31 = and i24 %30, -3 store i24 %31, i24* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #70 %35 = icmp slt i32 %34, 0 br i1 %35, label %120, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %48 = bitcast [3 x i8]* %47 to i24* %49 = load i24, i24* %48, align 1 %50 = and i24 %49, 2 %51 = icmp eq i24 %50, 0 br i1 %51, label %69, label %52 %53 = trunc i32 %46 to i24 %54 = shl nuw nsw i24 %53, 2 %55 = and i24 %49, -13 %56 = or i24 %55, %54 %57 = trunc i32 %34 to i24 %58 = shl i24 %57, 3 %59 = and i24 %58, 8 %60 = or i24 %56, %59 store i24 %60, i24* %48, align 1 %61 = icmp ne i24 %53, 0 %62 = and i24 %56, 20 %63 = icmp eq i24 %62, 20 %64 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 92 %65 = bitcast %struct.iommu_param** %64 to %struct.gendisk.528009** %66 = load %struct.gendisk.528009*, %struct.gendisk.528009** %65, align 8 %67 = getelementptr inbounds %struct.gendisk.528009, %struct.gendisk.528009* %66, i64 0, i32 10 %68 = load %struct.request_queue.528005*, %struct.request_queue.528005** %67, align 8 tail call void bitcast (void (%struct.request_queue.274422*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.528005*, i1, i1)*)(%struct.request_queue.528005* %68, i1 zeroext %61, i1 zeroext %63) #70 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_set to void (i32, %struct.request_queue.274422*)*)(i32 17, %struct.request_queue.274422* %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 blk_queue_write_cache 1 cache_type_store ------------- Path:  Function:cache_type_store %5 = alloca [64 x i8], align 16 %6 = alloca %struct.scsi_mode_data, align 4 %7 = alloca %struct.anon.193.488450, align 1 %8 = getelementptr %struct.device.528214, %struct.device.528214* %0, i64 -1, i32 36 %9 = bitcast %struct.iommu_param** %8 to %struct.scsi_disk* %10 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 1 %11 = bitcast %struct.iommu_param** %10 to %struct.scsi_device.528231** %12 = load %struct.scsi_device.528231*, %struct.scsi_device.528231** %11, align 8 %13 = getelementptr inbounds [64 x i8], [64 x i8]* %5, i64 0, i64 0 %14 = bitcast %struct.scsi_mode_data* %6 to i8* %15 = getelementptr inbounds %struct.anon.193.488450, %struct.anon.193.488450* %7, i64 0, i32 0 %16 = getelementptr inbounds %struct.scsi_device.528231, %struct.scsi_device.528231* %12, i64 0, i32 23 %17 = load i8, i8* %16, align 8 switch i8 %17, label %120 [ i8 0, label %18 i8 20, label %18 ] %19 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(11) getelementptr inbounds ([11 x i8], [11 x i8]* @cache_type_store.temp, i64 0, i64 0), i64 10) #69 %20 = icmp eq i32 %19, 0 br i1 %20, label %21, label %27 %28 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %29 = bitcast [3 x i8]* %28 to i24* %30 = load i24, i24* %29, align 1 %31 = and i24 %30, -3 store i24 %31, i24* %29, align 1 br label %32 %33 = phi i8* [ %22, %21 ], [ %2, %27 ] %34 = tail call i32 @__sysfs_match_string(i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @sd_cache_types, i64 0, i64 0), i64 4, i8* %33) #70 %35 = icmp slt i32 %34, 0 br i1 %35, label %120, label %36 %37 = and i32 %34, 1 %38 = and i32 %34, 2 %39 = icmp eq i32 %38, 0 br i1 %39, label %45, label %40 %46 = phi i32 [ 0, %36 ], [ %44, %40 ] %47 = getelementptr inbounds %struct.scsi_disk, %struct.scsi_disk* %9, i64 0, i32 22 %48 = bitcast [3 x i8]* %47 to i24* %49 = load i24, i24* %48, align 1 %50 = and i24 %49, 2 %51 = icmp eq i24 %50, 0 br i1 %51, label %69, label %52 %53 = trunc i32 %46 to i24 %54 = shl nuw nsw i24 %53, 2 %55 = and i24 %49, -13 %56 = or i24 %55, %54 %57 = trunc i32 %34 to i24 %58 = shl i24 %57, 3 %59 = and i24 %58, 8 %60 = or i24 %56, %59 store i24 %60, i24* %48, align 1 %61 = icmp ne i24 %53, 0 %62 = and i24 %56, 20 %63 = icmp eq i24 %62, 20 %64 = getelementptr inbounds %struct.iommu_param*, %struct.iommu_param** %8, i64 92 %65 = bitcast %struct.iommu_param** %64 to %struct.gendisk.528009** %66 = load %struct.gendisk.528009*, %struct.gendisk.528009** %65, align 8 %67 = getelementptr inbounds %struct.gendisk.528009, %struct.gendisk.528009* %66, i64 0, i32 10 %68 = load %struct.request_queue.528005*, %struct.request_queue.528005** %67, align 8 tail call void bitcast (void (%struct.request_queue.274422*, i1, i1)* @blk_queue_write_cache to void (%struct.request_queue.528005*, i1, i1)*)(%struct.request_queue.528005* %68, i1 zeroext %61, i1 zeroext %63) #70 Function:blk_queue_write_cache br i1 %1, label %4, label %5 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_clear to void (i32, %struct.request_queue.274422*)*)(i32 17, %struct.request_queue.274422* %0) #69 br label %6 br i1 %2, label %7, label %8 tail call void bitcast (void (i32, %struct.request_queue.272970*)* @blk_queue_flag_set to void (i32, %struct.request_queue.274422*)*)(i32 18, %struct.request_queue.274422* %0) #69 ------------- Good: 58 Bad: 3 Ignored: 91 Check Use of Function:tcf_chain_tp_delete_empty Check Use of Function:hibernate Use: =BAD PATH= Call Stack: 0 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #69 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7271, i64 0, i64 0), i64 4) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #69 ------------- Good: 1 Bad: 1 Ignored: 0 Check Use of Function:security_inode_create Check Use of Function:vfat_lookup Check Use of Function:ipc_rcu_getref Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semop ------------- Path:  Function:__ia32_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to %struct.orc_entry* %11 = trunc i64 %8 to i32 %12 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %10, i32 %11, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semop ------------- Path:  Function:__x64_sys_semop %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.orc_entry** %6 = load %struct.orc_entry*, %struct.orc_entry** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = tail call fastcc i64 @do_semtimedop(i32 %9, %struct.orc_entry* %6, i32 %10, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop_time32 ------------- Path:  Function:__ia32_sys_semtimedop_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop_time32 ------------- Path:  Function:__x64_sys_semtimedop_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 compat_ksys_semtimedop 2 compat_ksys_ipc 3 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %17 = zext i32 %4 to i64 %18 = inttoptr i64 %17 to %struct.orc_entry* %19 = zext i32 %5 to i64 %20 = inttoptr i64 %19 to %struct.util_est* %21 = tail call i64 @compat_ksys_semtimedop(i32 %1, %struct.orc_entry* %18, i32 %2, %struct.util_est* %20) #69 Function:compat_ksys_semtimedop %5 = alloca %struct.anon.54, align 8 %6 = icmp eq %struct.util_est* %3, null br i1 %6, label %16, label %7 %17 = tail call fastcc i64 @do_semtimedop(i32 %0, %struct.orc_entry* %1, i32 %2, %struct.anon.54* null) #70 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __ia32_sys_semtimedop ------------- Path:  Function:__ia32_sys_semtimedop %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %7 to %struct.orc_entry* %15 = trunc i64 %9 to i32 %16 = icmp eq i64 %12, 0 br i1 %16, label %26, label %17 %27 = tail call fastcc i64 @do_semtimedop(i32 %13, %struct.orc_entry* %14, i32 %15, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_semtimedop 1 __x64_sys_semtimedop ------------- Path:  Function:__x64_sys_semtimedop %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.orc_entry** %7 = load %struct.orc_entry*, %struct.orc_entry** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %4 to i32 %13 = trunc i64 %9 to i32 %14 = icmp eq i64 %11, 0 br i1 %14, label %24, label %15 %25 = tail call fastcc i64 @do_semtimedop(i32 %12, %struct.orc_entry* %7, i32 %13, %struct.anon.54* null) #69 Function:do_semtimedop %5 = alloca [64 x %struct.orc_entry], align 16 %6 = alloca %struct.sem_queue, align 8 %7 = alloca %struct.wake_q_head, align 8 %8 = bitcast [64 x %struct.orc_entry]* %5 to i8* %9 = getelementptr inbounds [64 x %struct.orc_entry], [64 x %struct.orc_entry]* %5, i64 0, i64 0 %10 = bitcast %struct.sem_queue* %6 to i8* %11 = tail call %struct.task_struct.244247* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244247** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244247**)) #10, !srcloc !4 %12 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 86 %13 = load %struct.nsproxy.244189*, %struct.nsproxy.244189** %12, align 16 %14 = getelementptr inbounds %struct.nsproxy.244189, %struct.nsproxy.244189* %13, i64 0, i32 2 %15 = load %struct.ipc_namespace.243034*, %struct.ipc_namespace.243034** %14, align 8 %16 = icmp eq i32 %2, 0 %17 = icmp slt i32 %0, 0 %18 = or i1 %17, %16 br i1 %18, label %773, label %19 %20 = getelementptr %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 2, i64 2 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %21, %2 br i1 %22, label %773, label %23 %24 = icmp ugt i32 %2, 64 %25 = zext i32 %2 to i64 %26 = mul nuw nsw i64 %25, 6 br i1 %24, label %29, label %27 %28 = bitcast [64 x %struct.orc_entry]* %5 to i8* br label %36 %37 = phi i8* [ %28, %27 ], [ %30, %33 ] %38 = phi %struct.orc_entry* [ %9, %27 ], [ %31, %33 ] %39 = bitcast %struct.orc_entry* %1 to i8* %40 = call i64 @_copy_from_user(i8* %37, i8* %39, i64 %26) #69 %41 = icmp eq i64 %40, 0 br i1 %41, label %42, label %765 %43 = icmp ne %struct.anon.54* %3, null br i1 %43, label %44, label %54 %45 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 0 %46 = load i64, i64* %45, align 8 %47 = icmp slt i64 %46, 0 br i1 %47, label %765, label %48 %49 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %3, i64 0, i32 1 %50 = load i64, i64* %49, align 8 %51 = icmp ugt i64 %50, 999999999 br i1 %51, label %765, label %52 %53 = call i64 @timespec64_to_jiffies(%struct.anon.54* nonnull %3) #69 br label %54 %55 = phi i64 [ %53, %52 ], [ 0, %42 ] %56 = getelementptr %struct.orc_entry, %struct.orc_entry* %38, i64 %25 %57 = icmp ult %struct.orc_entry* %38, %56 br i1 %57, label %58, label %378 %59 = phi %struct.orc_entry* [ %87, %58 ], [ %38, %54 ] %60 = phi i32 [ %72, %58 ], [ 0, %54 ] %61 = phi i8 [ %77, %58 ], [ 0, %54 ] %62 = phi i8 [ %86, %58 ], [ 0, %54 ] %63 = phi i8 [ %80, %58 ], [ 0, %54 ] %64 = phi i64 [ %85, %58 ], [ 0, %54 ] %65 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 0 %66 = load i16, i16* %65, align 2 %67 = zext i16 %66 to i32 %68 = and i32 %67, 63 %69 = zext i32 %68 to i64 %70 = shl nuw i64 1, %69 %71 = icmp ugt i32 %60, %67 %72 = select i1 %71, i32 %60, i32 %67 %73 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 2 %74 = load i16, i16* %73, align 2 %75 = and i16 %74, 4096 %76 = icmp eq i16 %75, 0 %77 = select i1 %76, i8 %61, i8 1 %78 = and i64 %70, %64 %79 = icmp eq i64 %78, 0 %80 = select i1 %79, i8 %63, i8 1 %81 = getelementptr inbounds %struct.orc_entry, %struct.orc_entry* %59, i64 0, i32 1 %82 = load i16, i16* %81, align 2 %83 = icmp eq i16 %82, 0 %84 = select i1 %83, i64 0, i64 %70 %85 = or i64 %84, %64 %86 = select i1 %83, i8 %62, i8 1 %87 = getelementptr %struct.orc_entry, %struct.orc_entry* %59, i64 1 %88 = icmp ult %struct.orc_entry* %87, %56 br i1 %88, label %58, label %89 %90 = and i8 %77, 1 %91 = icmp eq i8 %90, 0 br i1 %91, label %378, label %92 %93 = getelementptr inbounds %struct.task_struct.244247, %struct.task_struct.244247* %11, i64 0, i32 82, i32 0 %94 = load %struct.sem_undo_list*, %struct.sem_undo_list** %93, align 8 %95 = icmp eq %struct.sem_undo_list* %94, null br i1 %95, label %96, label %111 %97 = load %struct.kmem_cache*, %struct.kmem_cache** getelementptr inbounds ([3 x [14 x %struct.kmem_cache*]], [3 x [14 x %struct.kmem_cache*]]* @kmalloc_caches, i64 0, i64 0, i64 5), align 8 %98 = call noalias align 8 i8* @kmem_cache_alloc_trace(%struct.kmem_cache* %97, i32 4197824, i64 24) #69 %99 = icmp eq i8* %98, null br i1 %99, label %374, label %100 %101 = bitcast i8* %98 to %struct.sem_undo_list* %102 = getelementptr inbounds i8, i8* %98, i64 4 %103 = bitcast i8* %102 to i32* store i32 0, i32* %103, align 4 %104 = bitcast i8* %98 to i32* store volatile i32 1, i32* %104, align 8 %105 = getelementptr inbounds i8, i8* %98, i64 8 %106 = ptrtoint i8* %105 to i64 %107 = bitcast i8* %105 to i64* store volatile i64 %106, i64* %107, align 8 %108 = getelementptr inbounds i8, i8* %98, i64 16 %109 = bitcast i8* %108 to i8** store i8* %105, i8** %109, align 8 %110 = bitcast %struct.sem_undo_list** %93 to i8** store i8* %98, i8** %110, align 8 br label %111 %112 = phi %struct.sem_undo_list* [ %94, %92 ], [ %101, %100 ] %113 = ptrtoint %struct.sem_undo_list* %112 to i64 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 %114 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1 %115 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %114, i64 0, i32 0, i32 0 call void @_raw_spin_lock(%struct.raw_spinlock* %115) #69 %116 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 1, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 %117 = load volatile i32, i32* %116, align 4 %118 = icmp eq i32 %117, 0 br i1 %118, label %119, label %120, !prof !5, !misexpect !6 %121 = getelementptr inbounds %struct.sem_undo_list, %struct.sem_undo_list* %112, i64 0, i32 2 %122 = bitcast %struct.list_head* %121 to i64* %123 = load volatile i64, i64* %122, align 8 %124 = inttoptr i64 %123 to %struct.sem_undo* %125 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %124, i64 0, i32 0 %126 = icmp eq %struct.list_head* %125, %121 br i1 %126, label %154, label %127 %128 = phi %struct.sem_undo* [ %136, %133 ], [ %124, %120 ] %129 = phi i64 [ %135, %133 ], [ %123, %120 ] %130 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %128, i64 0, i32 4 %131 = load i32, i32* %130, align 8 %132 = icmp eq i32 %131, %0 br i1 %132, label %139, label %133 %134 = inttoptr i64 %129 to i64* %135 = load volatile i64, i64* %134, align 8 %136 = inttoptr i64 %135 to %struct.sem_undo* %137 = getelementptr inbounds %struct.sem_undo, %struct.sem_undo* %136, i64 0, i32 0 %138 = icmp eq %struct.list_head* %137, %121 br i1 %138, label %154, label %127 %155 = phi %struct.sem_undo* [ null, %139 ], [ %128, %141 ], [ null, %120 ], [ null, %133 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !13 %156 = bitcast %struct.spinlock* %114 to i8* store volatile i8 0, i8* %156, align 1 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !14 %157 = icmp eq %struct.sem_undo* %155, null br i1 %157, label %158, label %371, !prof !5, !misexpect !15 %159 = getelementptr inbounds %struct.ipc_namespace.243034, %struct.ipc_namespace.243034* %15, i64 0, i32 1, i64 0 %160 = call %struct.kern_ipc_perm* @ipc_obtain_object_check(%struct.ipc_ids* %159, i32 %0) #69 %161 = bitcast %struct.kern_ipc_perm* %160 to %struct.sem_array* %162 = bitcast %struct.kern_ipc_perm* %160 to i8* %163 = icmp ugt %struct.kern_ipc_perm* %160, inttoptr (i64 -4096 to %struct.kern_ipc_perm*) br i1 %163, label %164, label %166 %167 = getelementptr inbounds %struct.kern_ipc_perm, %struct.kern_ipc_perm* %160, i64 1, i32 11 %168 = bitcast %struct.rhash_head* %167 to i32* %169 = load i32, i32* %168, align 8 %170 = call zeroext i1 @ipc_rcu_getref(%struct.kern_ipc_perm* %160) #69 ------------- Good: 4 Bad: 11 Ignored: 6 Check Use of Function:kernel_halt Check Use of Function:kernel_restart Check Use of Function:drm_syncobj_release Check Use of Function:reboot_pid_ns Check Use of Function:bad_inode_lookup Check Use of Function:ata_task_ioctl Check Use of Function:simple_rename Check Use of Function:ata_cmd_ioctl Check Use of Function:blk_rq_map_user_iov Check Use of Function:slow_avc_audit Check Use of Function:shmem_lock Check Use of Function:io_ring_ctx_wait_and_kill Use: =BAD PATH= Call Stack: 0 io_uring_release ------------- Path:  Function:io_uring_release %3 = getelementptr inbounds %struct.file.152533, %struct.file.152533* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.io_ring_ctx** %5 = load %struct.io_ring_ctx*, %struct.io_ring_ctx** %4, align 8 store i8* null, i8** %3, align 8 tail call fastcc void @io_ring_ctx_wait_and_kill(%struct.io_ring_ctx* %5) #69 ------------- Good: 2 Bad: 1 Ignored: 1 Check Use of Function:pipe_read Check Use of Function:urandom_read_iter Check Use of Function:down_read_killable Use: =BAD PATH= Call Stack: 0 clear_refs_write ------------- Path:  Function:clear_refs_write %5 = alloca [13 x i8], align 1 %6 = alloca %struct.mmu_gather.161658, align 8 %7 = alloca i32, align 4 %8 = alloca %struct.mmu_notifier_range.161659, align 8 %9 = alloca %struct.kuid_t, align 4 %10 = getelementptr inbounds [13 x i8], [13 x i8]* %5, i64 0, i64 0 %11 = bitcast %struct.mmu_gather.161658* %6 to i8* %12 = bitcast i32* %7 to i8* %13 = icmp ult i64 %2, 12 %14 = select i1 %13, i64 %2, i64 12 %15 = call i64 @_copy_from_user(i8* nonnull %10, i8* %1, i64 %14) #69 %16 = icmp eq i64 %15, 0 br i1 %16, label %17, label %122 %18 = call i8* @strim(i8* nonnull %10) #69 %19 = call i32 @kstrtoint(i8* %18, i32 10, i32* nonnull %7) #69 %20 = icmp slt i32 %19, 0 br i1 %20, label %21, label %23 %24 = load i32, i32* %7, align 4 %25 = add i32 %24, -1 %26 = icmp ugt i32 %25, 4 br i1 %26, label %122, label %27 %28 = getelementptr inbounds %struct.file.161644, %struct.file.161644* %0, i64 0, i32 2 %29 = load %struct.inode.161632*, %struct.inode.161632** %28, align 8 %30 = getelementptr %struct.inode.161632, %struct.inode.161632* %29, i64 -1, i32 41, i32 13 %31 = bitcast %struct.list_head* %30 to %struct.pid.161364** %32 = load %struct.pid.161364*, %struct.pid.161364** %31, align 8 %33 = call %struct.task_struct.161518* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.161518* (%struct.pid.161364*, i32)*)(%struct.pid.161364* %32, i32 0) #69 %34 = icmp eq %struct.task_struct.161518* %33, null br i1 %34, label %122, label %35 %36 = call %struct.mm_struct.161548* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*)* @get_task_mm to %struct.mm_struct.161548* (%struct.task_struct.161518*)*)(%struct.task_struct.161518* nonnull %33) #69 %37 = icmp eq %struct.mm_struct.161548* %36, null br i1 %37, label %110, label %38 %39 = bitcast %struct.mmu_notifier_range.161659* %8 to i8* %40 = bitcast %struct.kuid_t* %9 to i8* %41 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %9, i64 0, i32 0 store i32 %24, i32* %41, align 4 %42 = icmp eq i32 %24, 5 %43 = getelementptr inbounds %struct.mm_struct.161548, %struct.mm_struct.161548* %36, i64 0, i32 0, i32 17 br i1 %42, label %44, label %63 %64 = call i32 @down_read_killable(%struct.rw_semaphore* %43) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 environ_open ------------- Path:  Function:environ_open %3 = tail call %struct.mm_struct.162609* @proc_mem_open(%struct.inode.162701* %0, i32 1) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.162701, %struct.inode.162701* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.162375** %5 = load %struct.pid.162375*, %struct.pid.162375** %4, align 8 %6 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.162579* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.162609* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*, i32)* @mm_access to %struct.mm_struct.162609* (%struct.task_struct.162579*, i32)*)(%struct.task_struct.162579* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %4 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 auxv_open ------------- Path:  Function:auxv_open %3 = tail call %struct.mm_struct.162609* @proc_mem_open(%struct.inode.162701* %0, i32 9) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.162701, %struct.inode.162701* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.162375** %5 = load %struct.pid.162375*, %struct.pid.162375** %4, align 8 %6 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.162579* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.162609* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*, i32)* @mm_access to %struct.mm_struct.162609* (%struct.task_struct.162579*, i32)*)(%struct.task_struct.162579* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %4 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 mem_open ------------- Path:  Function:mem_open %3 = tail call %struct.mm_struct.162609* @proc_mem_open(%struct.inode.162701* %0, i32 2) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.162701, %struct.inode.162701* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.162375** %5 = load %struct.pid.162375*, %struct.pid.162375** %4, align 8 %6 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.162579* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.162609* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*, i32)* @mm_access to %struct.mm_struct.162609* (%struct.task_struct.162579*, i32)*)(%struct.task_struct.162579* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %4 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 proc_pid_attr_open ------------- Path:  Function:proc_pid_attr_open %3 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %1, i64 0, i32 16 store i8* null, i8** %3, align 8 %4 = tail call %struct.mm_struct.162609* @proc_mem_open(%struct.inode.162701* %0, i32 9) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.162701, %struct.inode.162701* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.162375** %5 = load %struct.pid.162375*, %struct.pid.162375** %4, align 8 %6 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.162579* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.162609* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*, i32)* @mm_access to %struct.mm_struct.162609* (%struct.task_struct.162579*, i32)*)(%struct.task_struct.162579* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %4 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 mm_access 1 proc_mem_open 2 pagemap_open ------------- Path:  Function:pagemap_open %3 = tail call %struct.mm_struct.161548* bitcast (%struct.mm_struct.162609* (%struct.inode.162701*, i32)* @proc_mem_open to %struct.mm_struct.161548* (%struct.inode.161632*, i32)*)(%struct.inode.161632* %0, i32 1) #69 Function:proc_mem_open %3 = getelementptr %struct.inode.162701, %struct.inode.162701* %0, i64 -1, i32 41, i32 13 %4 = bitcast %struct.list_head* %3 to %struct.pid.162375** %5 = load %struct.pid.162375*, %struct.pid.162375** %4, align 8 %6 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %5, i32 0) #69 %7 = icmp eq %struct.task_struct.162579* %6, null br i1 %7, label %27, label %8 %9 = or i32 %1, 8 %10 = tail call %struct.mm_struct.162609* bitcast (%struct.mm_struct.43116* (%struct.task_struct.43108*, i32)* @mm_access to %struct.mm_struct.162609* (%struct.task_struct.162579*, i32)*)(%struct.task_struct.162579* nonnull %6, i32 %9) #69 Function:mm_access %3 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %0, i64 0, i32 87 %4 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.43021, %struct.signal_struct.43021* %4, i64 0, i32 59 %6 = tail call i32 @down_read_killable(%struct.rw_semaphore* %5) #69 ------------- Good: 22 Bad: 6 Ignored: 54 Check Use of Function:uart_set_ldisc Check Use of Function:nfs_file_read Check Use of Function:cgroup_setup_root Check Use of Function:skb_copy_expand Check Use of Function:rw_verify_area Use: =BAD PATH= Call Stack: 0 __se_sys_splice 1 __ia32_sys_splice ------------- Path:  Function:__ia32_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %18 = load i64, i64* %17, align 8 %19 = and i64 %18, 4294967295 %20 = tail call fastcc i64 @__se_sys_splice(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16, i64 %19) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_splice 1 __x64_sys_splice ------------- Path:  Function:__x64_sys_splice %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = tail call fastcc i64 @__se_sys_splice(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11, i64 %13) #69 Function:__se_sys_splice %7 = alloca i64, align 8 %8 = trunc i64 %0 to i32 %9 = trunc i64 %2 to i32 %10 = trunc i64 %5 to i32 %11 = icmp eq i64 %4, 0 br i1 %11, label %417, label %12, !prof !4, !misexpect !5 %13 = icmp ugt i32 %10, 15 br i1 %13, label %417, label %14, !prof !4, !misexpect !5 %15 = tail call i64 @__fdget(i32 %8) #69 %16 = and i64 %15, -4 %17 = inttoptr i64 %16 to %struct.file.140861* %18 = icmp eq i64 %16, 0 br i1 %18, label %417, label %19 %20 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %17, i64 0, i32 8 %21 = load i32, i32* %20, align 4 %22 = and i32 %21, 1 %23 = icmp eq i32 %22, 0 br i1 %23, label %412, label %24 %25 = tail call i64 @__fdget(i32 %9) #69 %26 = and i64 %25, -4 %27 = inttoptr i64 %26 to %struct.file.140861* %28 = icmp eq i64 %26, 0 br i1 %28, label %412, label %29 %30 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 8 %31 = load i32, i32* %30, align 4 %32 = and i32 %31, 2 %33 = icmp eq i32 %32, 0 br i1 %33, label %407, label %34 %35 = bitcast i64* %7 to i8* %36 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %17) #69 %37 = tail call %struct.pipe_inode_info.140949* bitcast (%struct.pipe_inode_info.112671* (%struct.file.112786*)* @get_pipe_info to %struct.pipe_inode_info.140949* (%struct.file.140861*)*)(%struct.file.140861* nonnull %27) #69 %38 = icmp ne %struct.pipe_inode_info.140949* %36, null %39 = icmp ne %struct.pipe_inode_info.140949* %37, null %40 = and i1 %38, %39 br i1 %40, label %41, label %234 br i1 %38, label %235, label %305 %236 = icmp eq i64 %1, 0 br i1 %236, label %237, label %405 %238 = icmp eq i64 %3, 0 br i1 %238, label %247, label %239 %248 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 10 %249 = load i64, i64* %248, align 8 store i64 %249, i64* %7, align 8 br label %250 %251 = load i32, i32* %30, align 4 %252 = and i32 %251, 2 %253 = icmp eq i32 %252, 0 br i1 %253, label %405, label %254, !prof !4, !misexpect !5 %255 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %27, i64 0, i32 7 %256 = load i32, i32* %255, align 8 %257 = and i32 %256, 1024 %258 = icmp eq i32 %257, 0 br i1 %258, label %259, label %405, !prof !9, !misexpect !5 %260 = call i32 bitcast (i32 (i32, %struct.file.96774*, i64*, i64)* @rw_verify_area to i32 (i32, %struct.file.140861*, i64*, i64)*)(i32 1, %struct.file.140861* nonnull %27, i64* nonnull %7, i64 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 __ia32_sys_pread64 ------------- Path:  Function:__ia32_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 8 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_read(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 __x64_sys_pread64 ------------- Path:  Function:__x64_sys_pread64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 8 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_read(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 ksys_pread64 2 __ia32_compat_sys_x86_pread ------------- Path:  Function:__ia32_compat_sys_x86_pread %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pread64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pread64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 8 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_read(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_read 1 kernel_read 2 load_elf_library.16752 ------------- Path:  Function:load_elf_library.16752 %2 = alloca %struct.elf32_hdr, align 4 %3 = alloca i64, align 8 %4 = getelementptr inbounds %struct.elf32_hdr, %struct.elf32_hdr* %2, i64 0, i32 0, i64 0 %5 = bitcast i64* %3 to i8* store i64 0, i64* %3, align 8 %6 = call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @kernel_read to i64 (%struct.file*, i8*, i64, i64*)*)(%struct.file* %0, i8* nonnull %4, i64 52, i64* nonnull %3) #69 Function:kernel_read %5 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %5, i64 0, i32 163, i32 17, i32 0 %7 = load i64, i64* %6, align 8 store i64 -1, i64* %6, align 8 %8 = bitcast %struct.task_struct.96680* %5 to i8* %9 = getelementptr i8, i8* %8, i64 3 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %9, i8 -128, i8* %9) #6, !srcloc !5 %10 = tail call i64 @vfs_read(%struct.file.96774* %0, i8* %1, i64 %2, i64* %3) #69 Function:vfs_read %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 1 %8 = icmp eq i32 %7, 0 br i1 %8, label %58, label %9 %10 = and i32 %6, 131072 %11 = icmp eq i32 %10, 0 br i1 %11, label %58, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %58, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 0, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 __ia32_sys_pwrite64 ------------- Path:  Function:__ia32_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = inttoptr i64 %7 to i8* %15 = bitcast i64* %2 to i8* store i64 %13, i64* %2, align 8 %16 = trunc i64 %4 to i32 %17 = tail call i64 @__fdget(i32 %16) #69 %18 = and i64 %17, -4 %19 = inttoptr i64 %18 to %struct.file.96774* %20 = icmp eq i64 %18, 0 br i1 %20, label %33, label %21 %22 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %19, i64 0, i32 8 %23 = load i32, i32* %22, align 4 %24 = and i32 %23, 16 %25 = icmp eq i32 %24, 0 br i1 %25, label %28, label %26 %27 = call i64 @vfs_write(%struct.file.96774* nonnull %19, i8* %14, i64 %10, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 __x64_sys_pwrite64 ------------- Path:  Function:__x64_sys_pwrite64 %2 = alloca i64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = bitcast i64* %2 to i8* store i64 %11, i64* %2, align 8 %13 = icmp slt i64 %11, 0 br i1 %13, label %32, label %14 %15 = trunc i64 %4 to i32 %16 = tail call i64 @__fdget(i32 %15) #69 %17 = and i64 %16, -4 %18 = inttoptr i64 %17 to %struct.file.96774* %19 = icmp eq i64 %17, 0 br i1 %19, label %32, label %20 %21 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %18, i64 0, i32 8 %22 = load i32, i32* %21, align 4 %23 = and i32 %22, 16 %24 = icmp eq i32 %23, 0 br i1 %24, label %27, label %25 %26 = call i64 @vfs_write(%struct.file.96774* nonnull %18, i8* %7, i64 %9, i64* nonnull %2) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 ksys_pwrite64 2 __ia32_compat_sys_x86_pwrite ------------- Path:  Function:__ia32_compat_sys_x86_pwrite %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = shl i64 %14, 32 %18 = or i64 %17, %12 %19 = tail call i64 @ksys_pwrite64(i32 %15, i8* %16, i64 %9, i64 %18) #69 Function:ksys_pwrite64 %5 = alloca i64, align 8 store i64 %3, i64* %5, align 8 %6 = icmp slt i64 %3, 0 br i1 %6, label %24, label %7 %8 = tail call i64 @__fdget(i32 %0) #69 %9 = and i64 %8, -4 %10 = inttoptr i64 %9 to %struct.file.96774* %11 = icmp eq i64 %9, 0 br i1 %11, label %24, label %12 %13 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %10, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 16 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = call i64 @vfs_write(%struct.file.96774* nonnull %10, i8* %1, i64 %2, i64* nonnull %5) #70 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_write 1 redirected_tty_write ------------- Path:  Function:redirected_tty_write tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %11, label %7 %8 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 6, i32 0 tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; incq $0", "=*m,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i64* %8, i64* %8) #6, !srcloc !4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %5, i64 0, i32 10 %10 = tail call i64 bitcast (i64 (%struct.file.96774*, i8*, i64, i64*)* @vfs_write to i64 (%struct.file.250940*, i8*, i64, i64*)*)(%struct.file.250940* nonnull %5, i8* %1, i64 %2, i64* %9) #69 Function:vfs_write %5 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %0, i64 0, i32 8 %6 = load i32, i32* %5, align 4 %7 = and i32 %6, 2 %8 = icmp eq i32 %7, 0 br i1 %8, label %76, label %9 %10 = and i32 %6, 262144 %11 = icmp eq i32 %10, 0 br i1 %11, label %76, label %12 %13 = tail call %struct.task_struct.96680* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.96680** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.96680**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.96680, %struct.task_struct.96680* %13, i64 0, i32 163, i32 17, i32 0 %15 = load i64, i64* %14, align 8 %16 = ptrtoint i8* %1 to i64 %17 = add i64 %16, %2 %18 = icmp ult i64 %17, %2 %19 = icmp ugt i64 %17, %15 %20 = or i1 %18, %19 br i1 %20, label %76, label %21, !prof !5, !misexpect !6 %22 = tail call i32 @rw_verify_area(i32 1, %struct.file.96774* %0, i64* %3, i64 %2) #69 ------------- Good: 39 Bad: 10 Ignored: 52 Check Use of Function:sg_scsi_ioctl Use: =BAD PATH= Call Stack: 0 sg_ioctl ------------- Path:  Function:sg_ioctl %4 = alloca %struct.sg_request*, align 8 %5 = alloca %struct.wait_queue_entry, align 8 %6 = inttoptr i64 %2 to i8* %7 = inttoptr i64 %2 to i32* %8 = bitcast %struct.sg_request** %4 to i8* %9 = getelementptr inbounds %struct.file.529751, %struct.file.529751* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.sg_fd** %11 = load %struct.sg_fd*, %struct.sg_fd** %10, align 8 %12 = icmp eq %struct.sg_fd* %11, null br i1 %12, label %667, label %13 %14 = getelementptr inbounds %struct.sg_fd, %struct.sg_fd* %11, i64 0, i32 1 %15 = load %struct.sg_device*, %struct.sg_device** %14, align 8 %16 = icmp eq %struct.sg_device* %15, null br i1 %16, label %667, label %17 %18 = getelementptr inbounds %struct.file.529751, %struct.file.529751* %0, i64 0, i32 7 %19 = load i32, i32* %18, align 8 %20 = and i32 %19, 3 %21 = icmp ne i32 %20, 2 %22 = zext i1 %21 to i32 switch i32 %1, label %653 [ i32 8837, label %23 i32 8705, label %95 i32 8706, label %120 i32 8825, label %667 i32 8826, label %124 i32 8822, label %136 i32 8827, label %211 i32 8828, label %228 i32 8829, label %270 i32 8831, label %304 i32 8821, label %309 i32 8818, label %387 i32 8817, label %403 i32 8816, label %420 i32 8839, label %426 i32 8840, label %441 i32 8835, label %447 i32 8834, label %467 i32 8841, label %470 i32 8838, label %477 i32 8707, label %556 i32 1, label %574 i32 8830, label %588 i32 4711, label %603 i32 -1069018509, label %615 i32 4724, label %628 i32 4725, label %635 i32 4726, label %642 i32 21378, label %649 i32 21382, label %649 i32 21381, label %649 i32 8709, label %649 i32 8836, label %649 ] %575 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %15, i64 0, i32 7, i32 0 %576 = load volatile i32, i32* %575, align 4 %577 = icmp eq i32 %576, 0 br i1 %577, label %578, label %667 %579 = getelementptr inbounds %struct.sg_device, %struct.sg_device* %15, i64 0, i32 0 %580 = load %struct.scsi_device.529802*, %struct.scsi_device.529802** %579, align 8 %581 = getelementptr inbounds %struct.scsi_device.529802, %struct.scsi_device.529802* %580, i64 0, i32 1 %582 = load %struct.request_queue.529623*, %struct.request_queue.529623** %581, align 8 %583 = getelementptr inbounds %struct.file.529751, %struct.file.529751* %0, i64 0, i32 8 %584 = load i32, i32* %583, align 4 %585 = inttoptr i64 %2 to %struct.file_handle* %586 = tail call i32 bitcast (i32 (%struct.request_queue.282792*, %struct.gendisk.282796*, i32, %struct.file_handle*)* @sg_scsi_ioctl to i32 (%struct.request_queue.529623*, %struct.gendisk.529627*, i32, %struct.file_handle*)*)(%struct.request_queue.529623* %582, %struct.gendisk.529627* null, i32 %584, %struct.file_handle* %585) #69 ------------- Good: 2 Bad: 1 Ignored: 11 Check Use of Function:aio_complete_rw Check Use of Function:read_iter_null Check Use of Function:proc_lookup Check Use of Function:kernel_sigaction Check Use of Function:__vfs_setxattr_noperm Check Use of Function:hugetlbfs_read_iter Check Use of Function:ext4_file_read_iter Check Use of Function:read_iter_zero Check Use of Function:snapshot_get_image_size Check Use of Function:write_iter_null Check Use of Function:io_free_req Check Use of Function:__sb_start_write Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_readonly_mmap ------------- Path:  Function:generic_file_readonly_mmap %3 = getelementptr inbounds %struct.vm_area_struct.108275, %struct.vm_area_struct.108275* %1, i64 0, i32 8 %4 = load i64, i64* %3, align 8 %5 = and i64 %4, 40 %6 = icmp eq i64 %5, 40 br i1 %6, label %24, label %7 %8 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 19 %9 = load %struct.address_space.108233*, %struct.address_space.108233** %8, align 8 %10 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %9, i64 0, i32 9 %11 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %10, align 8 %12 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %11, i64 0, i32 1 %13 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %12, align 8 %14 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %13, null br i1 %14, label %24, label %15 %16 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %17, 262144 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %22 %21 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.108466*)*)(%struct.path.108466* %21) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_mmap ------------- Path:  Function:shmem_mmap %3 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 2 %4 = load %struct.inode.112777*, %struct.inode.112777** %3, align 8 %5 = getelementptr %struct.inode.112777, %struct.inode.112777* %4, i64 -1, i32 41, i32 7 %6 = bitcast i64* %5 to %struct.shmem_inode_info* %7 = getelementptr inbounds %struct.shmem_inode_info, %struct.shmem_inode_info* %6, i64 0, i32 1 %8 = load i32, i32* %7, align 4 %9 = and i32 %8, 16 %10 = icmp eq i32 %9, 0 br i1 %10, label %22, label %11 %12 = getelementptr inbounds %struct.vm_area_struct.112802, %struct.vm_area_struct.112802* %1, i64 0, i32 8 %13 = load i64, i64* %12, align 8 %14 = and i64 %13, 8 %15 = icmp eq i64 %14, 0 %16 = and i64 %13, 10 %17 = icmp eq i64 %16, 10 %18 = or i1 %17, %15 br i1 %18, label %21, label %19 br i1 %17, label %31, label %22 %23 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %24 = load i32, i32* %23, align 8 %25 = and i32 %24, 262144 %26 = icmp eq i32 %25, 0 br i1 %26, label %27, label %29 %28 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.112783*)*)(%struct.path.112783* %28) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter ------------- Path:  Function:generic_file_read_iter %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %609, label %7 %8 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %17 = load %struct.file.108469*, %struct.file.108469** %16, align 8 %18 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 19 %19 = load %struct.address_space.108233*, %struct.address_space.108233** %18, align 8 %20 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %19, i64 0, i32 0 %21 = load %struct.inode.108461*, %struct.inode.108461** %20, align 8 %22 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %21, i64 0, i32 14 %23 = load i64, i64* %22, align 8 %24 = trunc i32 %9 to i8 %25 = icmp sgt i8 %24, -1 %26 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = add i64 %5, -1 %29 = add i64 %28, %27 br i1 %25, label %55, label %30 %31 = bitcast %struct.xa_state* %3 to i8* %32 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %33 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %19, i64 0, i32 1 store %struct.xarray* %33, %struct.xarray** %32, align 8 %34 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %35 = ashr i64 %27, 12 store i64 %35, i64* %34, align 8 %36 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %37 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %38 = bitcast i8* %36 to i32* store i32 0, i32* %38, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %37, align 8 %39 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %40 = ashr i64 %29, 12 %41 = icmp slt i64 %29, %27 %42 = bitcast %struct.xa_node** %39 to i8* br i1 %41, label %43, label %44 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %45 %46 = call i8* @xas_find(%struct.xa_state* nonnull %3, i64 %40) #69 %47 = ptrtoint i8* %46 to i64 switch i64 %47, label %49 [ i64 1030, label %52 i64 1026, label %48 ] %50 = and i64 %47, 1 %51 = icmp eq i64 %50, 0 br i1 %51, label %53, label %52 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = icmp eq i8* %46, null br i1 %54, label %60, label %609 %61 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 7 %62 = load i32, i32* %61, align 8 %63 = and i32 %62, 262144 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %67 %66 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.108466*)*)(%struct.path.108466* %66) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_read_iter 2 blkdev_read_iter ------------- Path:  Function:blkdev_read_iter %3 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %4 = load %struct.file.112786*, %struct.file.112786** %3, align 8 %5 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %4, i64 0, i32 19 %6 = load %struct.address_space.112620*, %struct.address_space.112620** %5, align 8 %7 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %6, i64 0, i32 0 %8 = load %struct.inode.112777*, %struct.inode.112777** %7, align 8 %9 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %8, i64 0, i32 14 %10 = load i64, i64* %9, align 8 %11 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %12 = load i64, i64* %11, align 8 %13 = icmp sgt i64 %10, %12 br i1 %13, label %14, label %26 %15 = sub i64 %10, %12 %16 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %17 = load i64, i64* %16, align 8 %18 = icmp ugt i64 %17, %15 br i1 %18, label %19, label %21 %20 = sub i64 %17, %15 store i64 %15, i64* %16, align 8 br label %21 %22 = phi i64 [ %20, %19 ], [ 0, %14 ] %23 = tail call i64 bitcast (i64 (%struct.kiocb.108123*, %struct.iov_iter*)* @generic_file_read_iter to i64 (%struct.kiocb.112611*, %struct.iov_iter*)*)(%struct.kiocb.112611* %0, %struct.iov_iter* %1) #69 Function:generic_file_read_iter %3 = alloca %struct.xa_state, align 8 %4 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 %5 = load i64, i64* %4, align 8 %6 = icmp eq i64 %5, 0 br i1 %6, label %609, label %7 %8 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 4 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 4 %11 = icmp eq i32 %10, 0 br i1 %11, label %12, label %15 %16 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 0 %17 = load %struct.file.108469*, %struct.file.108469** %16, align 8 %18 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 19 %19 = load %struct.address_space.108233*, %struct.address_space.108233** %18, align 8 %20 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %19, i64 0, i32 0 %21 = load %struct.inode.108461*, %struct.inode.108461** %20, align 8 %22 = getelementptr inbounds %struct.inode.108461, %struct.inode.108461* %21, i64 0, i32 14 %23 = load i64, i64* %22, align 8 %24 = trunc i32 %9 to i8 %25 = icmp sgt i8 %24, -1 %26 = getelementptr inbounds %struct.kiocb.108123, %struct.kiocb.108123* %0, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = add i64 %5, -1 %29 = add i64 %28, %27 br i1 %25, label %55, label %30 %31 = bitcast %struct.xa_state* %3 to i8* %32 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 0 %33 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %19, i64 0, i32 1 store %struct.xarray* %33, %struct.xarray** %32, align 8 %34 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 1 %35 = ashr i64 %27, 12 store i64 %35, i64* %34, align 8 %36 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 2 %37 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 6 %38 = bitcast i8* %36 to i32* store i32 0, i32* %38, align 8 store %struct.xa_node* inttoptr (i64 3 to %struct.xa_node*), %struct.xa_node** %37, align 8 %39 = getelementptr inbounds %struct.xa_state, %struct.xa_state* %3, i64 0, i32 7 %40 = ashr i64 %29, 12 %41 = icmp slt i64 %29, %27 %42 = bitcast %struct.xa_node** %39 to i8* br i1 %41, label %43, label %44 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 br label %45 %46 = call i8* @xas_find(%struct.xa_state* nonnull %3, i64 %40) #69 %47 = ptrtoint i8* %46 to i64 switch i64 %47, label %49 [ i64 1030, label %52 i64 1026, label %48 ] %50 = and i64 %47, 1 %51 = icmp eq i64 %50, 0 br i1 %51, label %53, label %52 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %54 = icmp eq i8* %46, null br i1 %54, label %60, label %609 %61 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 7 %62 = load i32, i32* %61, align 8 %63 = and i32 %62, 262144 %64 = icmp eq i32 %63, 0 br i1 %64, label %65, label %67 %66 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %17, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.108466*)*)(%struct.path.108466* %66) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap ------------- Path:  Function:generic_file_mmap %3 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 19 %4 = load %struct.address_space.108233*, %struct.address_space.108233** %3, align 8 %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %4, i64 0, i32 9 %6 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %6, i64 0, i32 1 %8 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %7, align 8 %9 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.108466*)*)(%struct.path.108466* %16) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_mmap 2 nfs_file_mmap ------------- Path:  Function:nfs_file_mmap %3 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %0, i64 0, i32 2 %4 = load %struct.inode.196077*, %struct.inode.196077** %3, align 8 %5 = tail call i32 bitcast (i32 (%struct.file.108469*, %struct.vm_area_struct.108275*)* @generic_file_mmap to i32 (%struct.file.196086*, %struct.vm_area_struct.196102*)*)(%struct.file.196086* %0, %struct.vm_area_struct.196102* %1) #69 Function:generic_file_mmap %3 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 19 %4 = load %struct.address_space.108233*, %struct.address_space.108233** %3, align 8 %5 = getelementptr inbounds %struct.address_space.108233, %struct.address_space.108233* %4, i64 0, i32 9 %6 = load %struct.address_space_operations.108232*, %struct.address_space_operations.108232** %5, align 8 %7 = getelementptr inbounds %struct.address_space_operations.108232, %struct.address_space_operations.108232* %6, i64 0, i32 1 %8 = load i32 (%struct.file.108469*, %struct.page.108237*)*, i32 (%struct.file.108469*, %struct.page.108237*)** %7, align 8 %9 = icmp eq i32 (%struct.file.108469*, %struct.page.108237*)* %8, null br i1 %9, label %19, label %10 %11 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 7 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, 262144 %14 = icmp eq i32 %13, 0 br i1 %14, label %15, label %17 %16 = getelementptr inbounds %struct.file.108469, %struct.file.108469* %0, i64 0, i32 1 tail call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.108466*)*)(%struct.path.108466* %16) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 shmem_file_read_iter ------------- Path:  Function:shmem_file_read_iter %3 = alloca %struct.page.112623*, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 2 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 %8 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %7, i64 0, i32 9 %9 = load %struct.address_space.112620*, %struct.address_space.112620** %8, align 8 %10 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 1 %11 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 0 %12 = load i32, i32* %11, align 8 %13 = and i32 %12, -2 %14 = icmp eq i32 %13, 4 %15 = xor i1 %14, true %16 = zext i1 %15 to i32 %17 = load i64, i64* %10, align 8 %18 = ashr i64 %17, 12 %19 = and i64 %17, 4095 %20 = bitcast %struct.page.112623** %3 to i8* store %struct.page.112623* null, %struct.page.112623** %3, align 8 %21 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %7, i64 0, i32 14 %22 = load i64, i64* %21, align 8 %23 = ashr i64 %22, 12 %24 = icmp ugt i64 %18, %23 br i1 %24, label %133, label %25 %26 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %9, i64 0, i32 3, i32 0 %27 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %1, i64 0, i32 2 br label %28 %29 = phi i64 [ %23, %25 ], [ %126, %123 ] %30 = phi i64 [ %22, %25 ], [ %125, %123 ] %31 = phi i64 [ %18, %25 ], [ %103, %123 ] %32 = phi i64 [ %19, %25 ], [ %104, %123 ] %33 = phi i64 [ 0, %25 ], [ %100, %123 ] %34 = icmp ne i64 %31, %29 %35 = and i64 %30, 4095 %36 = icmp ugt i64 %35, %32 %37 = or i1 %34, %36 br i1 %37, label %38, label %128 %39 = load %struct.address_space.112620*, %struct.address_space.112620** %8, align 8 %40 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %39, i64 0, i32 2 %41 = load i32, i32* %40, align 8 %42 = call fastcc i32 @shmem_getpage_gfp(%struct.inode.112777* %7, i64 %31, %struct.page.112623** nonnull %3, i32 %16, i32 %41, %struct.vm_area_struct.112802* null, i32* null) #69 switch i32 %42, label %128 [ i32 0, label %43 i32 -22, label %133 ] %134 = phi i32 [ 0, %71 ], [ 0, %58 ], [ 0, %57 ], [ 0, %2 ], [ %129, %128 ], [ 0, %38 ] %135 = phi i64 [ %33, %71 ], [ %33, %58 ], [ %33, %57 ], [ 0, %2 ], [ %130, %128 ], [ %33, %38 ] %136 = phi i64 [ %32, %71 ], [ %32, %58 ], [ %32, %57 ], [ %19, %2 ], [ %131, %128 ], [ %32, %38 ] %137 = phi i64 [ %31, %71 ], [ %31, %58 ], [ %31, %57 ], [ %18, %2 ], [ %132, %128 ], [ %31, %38 ] %138 = shl i64 %137, 12 %139 = add i64 %138, %136 store i64 %139, i64* %10, align 8 %140 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 7 %141 = load i32, i32* %140, align 8 %142 = and i32 %141, 262144 %143 = icmp eq i32 %142, 0 br i1 %143, label %144, label %146 %145 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 1 tail call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.112783*)*)(%struct.path.112783* %145) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 %82 = trunc i64 %81 to i32 %83 = icmp sgt i32 %82, 0 br i1 %83, label %84, label %91 %85 = load i64, i64* %69, align 8 store i64 %85, i64* %1, align 8 %86 = load i32, i32* %13, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %97 %90 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.140509*)*)(%struct.path.140509* %90) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 %82 = trunc i64 %81 to i32 %83 = icmp sgt i32 %82, 0 br i1 %83, label %84, label %91 %85 = load i64, i64* %69, align 8 store i64 %85, i64* %1, align 8 %86 = load i32, i32* %13, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %97 %90 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.140509*)*)(%struct.path.140509* %90) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 %82 = trunc i64 %81 to i32 %83 = icmp sgt i32 %82, 0 br i1 %83, label %84, label %91 %85 = load i64, i64* %69, align 8 store i64 %85, i64* %1, align 8 %86 = load i32, i32* %13, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %97 %90 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.140509*)*)(%struct.path.140509* %90) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 %82 = trunc i64 %81 to i32 %83 = icmp sgt i32 %82, 0 br i1 %83, label %84, label %91 %85 = load i64, i64* %69, align 8 store i64 %85, i64* %1, align 8 %86 = load i32, i32* %13, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %97 %90 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.140509*)*)(%struct.path.140509* %90) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 touch_atime 1 generic_file_splice_read 2 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.250973** %8 = load %struct.socket.250973*, %struct.socket.250973** %7, align 8 %9 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %8, i64 0, i32 5 %10 = load %struct.proto_ops.250972*, %struct.proto_ops.250972** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.250972, %struct.proto_ops.250972* %10, i64 0, i32 22 %12 = load i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)*, i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.140861*, i64*, %struct.pipe_inode_info.140949*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.250940*, i64*, %struct.pipe_inode_info.250930*, i64, i32)*)(%struct.file.250940* %0, i64* %1, %struct.pipe_inode_info.250930* %2, i64 %3, i32 %4) #69 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 %82 = trunc i64 %81 to i32 %83 = icmp sgt i32 %82, 0 br i1 %83, label %84, label %91 %85 = load i64, i64* %69, align 8 store i64 %85, i64* %1, align 8 %86 = load i32, i32* %13, align 8 %87 = and i32 %86, 262144 %88 = icmp eq i32 %87, 0 br i1 %88, label %89, label %97 %90 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 1 call void bitcast (void (%struct.path.136573*)* @touch_atime to void (%struct.path.140509*)*)(%struct.path.140509* %90) #69 Function:touch_atime %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 0 %4 = load %struct.vfsmount.136907*, %struct.vfsmount.136907** %3, align 8 %5 = getelementptr inbounds %struct.path.136573, %struct.path.136573* %0, i64 0, i32 1 %6 = load %struct.dentry.136910*, %struct.dentry.136910** %5, align 8 %7 = getelementptr inbounds %struct.dentry.136910, %struct.dentry.136910* %6, i64 0, i32 5 %8 = load %struct.inode.136922*, %struct.inode.136922** %7, align 8 %9 = bitcast %struct.anon.54* %2 to i8* %10 = tail call zeroext i1 @atime_needs_update(%struct.path.136573* %0, %struct.inode.136922* %8) #69 br i1 %10, label %11, label %34 %12 = getelementptr inbounds %struct.inode.136922, %struct.inode.136922* %8, i64 0, i32 8 %13 = load %struct.super_block.136906*, %struct.super_block.136906** %12, align 8 %14 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.136906*, i32, i1)*)(%struct.super_block.136906* %13, i32 1, i1 zeroext false) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_compat_sys_ftruncate ------------- Path:  Function:__ia32_compat_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.42746, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.43183* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.43178*, %struct.dentry.43178** %16, align 8 %18 = getelementptr inbounds %struct.dentry.43178, %struct.dentry.43178* %17, i64 0, i32 5 %19 = load %struct.inode.43174*, %struct.inode.43174** %18, align 8 %20 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 2 %36 = load %struct.inode.43174*, %struct.inode.43174** %35, align 8 %37 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 8 %43 = load %struct.super_block.43169*, %struct.super_block.43169** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.43169*, i32, i1)*)(%struct.super_block.43169* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_sys_ftruncate ------------- Path:  Function:__ia32_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = tail call i64 @do_sys_ftruncate(i32 %7, i64 %6, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.42746, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.43183* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.43178*, %struct.dentry.43178** %16, align 8 %18 = getelementptr inbounds %struct.dentry.43178, %struct.dentry.43178* %17, i64 0, i32 5 %19 = load %struct.inode.43174*, %struct.inode.43174** %18, align 8 %20 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 2 %36 = load %struct.inode.43174*, %struct.inode.43174** %35, align 8 %37 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 8 %43 = load %struct.super_block.43169*, %struct.super_block.43169** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.43169*, i32, i1)*)(%struct.super_block.43169* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __x64_sys_ftruncate ------------- Path:  Function:__x64_sys_ftruncate %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = tail call i64 @do_sys_ftruncate(i32 %6, i64 %5, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.42746, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.43183* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.43178*, %struct.dentry.43178** %16, align 8 %18 = getelementptr inbounds %struct.dentry.43178, %struct.dentry.43178* %17, i64 0, i32 5 %19 = load %struct.inode.43174*, %struct.inode.43174** %18, align 8 %20 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 2 %36 = load %struct.inode.43174*, %struct.inode.43174** %35, align 8 %37 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 8 %43 = load %struct.super_block.43169*, %struct.super_block.43169** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.43169*, i32, i1)*)(%struct.super_block.43169* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sys_ftruncate 1 __ia32_compat_sys_x86_ftruncate64 ------------- Path:  Function:__ia32_compat_sys_x86_ftruncate64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = shl i64 %8, 32 %11 = or i64 %10, %6 %12 = tail call i64 @do_sys_ftruncate(i32 %9, i64 %11, i32 1) #69 Function:do_sys_ftruncate %4 = alloca %struct.iattr.42746, align 8 %5 = icmp slt i64 %1, 0 br i1 %5, label %94, label %6 %7 = tail call i64 @__fdget(i32 %0) #69 %8 = and i64 %7, -4 %9 = inttoptr i64 %8 to %struct.file.43183* %10 = icmp eq i64 %8, 0 br i1 %10, label %94, label %11 %12 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = trunc i32 %13 to i16 %15 = icmp sgt i16 %14, -1 %16 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 1, i32 1 %17 = load %struct.dentry.43178*, %struct.dentry.43178** %16, align 8 %18 = getelementptr inbounds %struct.dentry.43178, %struct.dentry.43178* %17, i64 0, i32 5 %19 = load %struct.inode.43174*, %struct.inode.43174** %18, align 8 %20 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 0 %21 = load i16, i16* %20, align 8 %22 = and i16 %21, -4096 %23 = icmp eq i16 %22, -32768 br i1 %23, label %24, label %89 %25 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 8 %26 = load i32, i32* %25, align 4 %27 = and i32 %26, 2 %28 = icmp eq i32 %27, 0 br i1 %28, label %89, label %29 %30 = icmp ne i32 %2, 0 %31 = and i1 %30, %15 %32 = icmp ugt i64 %1, 2147483647 %33 = and i1 %32, %31 br i1 %33, label %89, label %34 %35 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %9, i64 0, i32 2 %36 = load %struct.inode.43174*, %struct.inode.43174** %35, align 8 %37 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %36, i64 0, i32 4 %38 = load i32, i32* %37, align 4 %39 = and i32 %38, 4 %40 = icmp eq i32 %39, 0 br i1 %40, label %41, label %89 %42 = getelementptr inbounds %struct.inode.43174, %struct.inode.43174* %19, i64 0, i32 8 %43 = load %struct.super_block.43169*, %struct.super_block.43169** %42, align 8 %44 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.43169*, i32, i1)*)(%struct.super_block.43169* %43, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __ia32_sys_ioctl ------------- Path:  Function:__ia32_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.134820* %14 = icmp eq i64 %12, 0 br i1 %14, label %25, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.134820*, i32, i64)*)(%struct.file.134820* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %20 %19 = tail call i32 @do_vfs_ioctl(%struct.file.134820* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %224 = inttoptr i64 %3 to i8* %225 = bitcast %struct.sched_info* %6 to i8* %226 = call i64 @_copy_from_user(i8* nonnull %225, i8* %224, i64 32) #69 %227 = icmp eq i64 %226, 0 br i1 %227, label %228, label %264 %229 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %230 = load i64, i64* %229, align 8 %231 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %232 = load i64, i64* %231, align 8 %233 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %234 = load i64, i64* %233, align 8 %235 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %236 = load i64, i64* %235, align 8 %237 = trunc i64 %230 to i32 %238 = call i64 @__fdget(i32 %237) #69 %239 = and i64 %238, -4 %240 = inttoptr i64 %239 to %struct.file.134820* %241 = icmp eq i64 %239, 0 br i1 %241, label %264, label %242 %243 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %240, i64 0, i32 1, i32 0 %244 = load %struct.vfsmount*, %struct.vfsmount** %243, align 8 %245 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 1, i32 0 %246 = load %struct.vfsmount*, %struct.vfsmount** %245, align 8 %247 = icmp eq %struct.vfsmount* %244, %246 br i1 %247, label %248, label %259 %249 = call i64 bitcast (i64 (%struct.file.96774*, i64, %struct.file.96774*, i64, i64, i32)* @vfs_clone_file_range to i64 (%struct.file.134820*, i64, %struct.file.134820*, i64, i64, i32)*)(%struct.file.134820* nonnull %240, i64 %232, %struct.file.134820* %0, i64 %236, i64 %234, i32 0) #69 Function:vfs_clone_file_range %7 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %2, i64 0, i32 2 %8 = load %struct.inode.96765*, %struct.inode.96765** %7, align 8 %9 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, -32768 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 8 %15 = load %struct.super_block.96752*, %struct.super_block.96752** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.96752*, i32, i1)*)(%struct.super_block.96752* %15, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __x64_sys_ioctl ------------- Path:  Function:__x64_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = tail call i64 @__fdget(i32 %8) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.134820* %13 = icmp eq i64 %11, 0 br i1 %13, label %24, label %14 %15 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.134820*, i32, i64)*)(%struct.file.134820* nonnull %12, i32 %9, i64 %7) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %19 %18 = tail call i32 @do_vfs_ioctl(%struct.file.134820* nonnull %12, i32 %8, i32 %9, i64 %7) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %224 = inttoptr i64 %3 to i8* %225 = bitcast %struct.sched_info* %6 to i8* %226 = call i64 @_copy_from_user(i8* nonnull %225, i8* %224, i64 32) #69 %227 = icmp eq i64 %226, 0 br i1 %227, label %228, label %264 %229 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %230 = load i64, i64* %229, align 8 %231 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %232 = load i64, i64* %231, align 8 %233 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %234 = load i64, i64* %233, align 8 %235 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %236 = load i64, i64* %235, align 8 %237 = trunc i64 %230 to i32 %238 = call i64 @__fdget(i32 %237) #69 %239 = and i64 %238, -4 %240 = inttoptr i64 %239 to %struct.file.134820* %241 = icmp eq i64 %239, 0 br i1 %241, label %264, label %242 %243 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %240, i64 0, i32 1, i32 0 %244 = load %struct.vfsmount*, %struct.vfsmount** %243, align 8 %245 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 1, i32 0 %246 = load %struct.vfsmount*, %struct.vfsmount** %245, align 8 %247 = icmp eq %struct.vfsmount* %244, %246 br i1 %247, label %248, label %259 %249 = call i64 bitcast (i64 (%struct.file.96774*, i64, %struct.file.96774*, i64, i64, i32)* @vfs_clone_file_range to i64 (%struct.file.134820*, i64, %struct.file.134820*, i64, i64, i32)*)(%struct.file.134820* nonnull %240, i64 %232, %struct.file.134820* %0, i64 %236, i64 %234, i32 0) #69 Function:vfs_clone_file_range %7 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %2, i64 0, i32 2 %8 = load %struct.inode.96765*, %struct.inode.96765** %7, align 8 %9 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, -32768 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 8 %15 = load %struct.super_block.96752*, %struct.super_block.96752** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.96752*, i32, i1)*)(%struct.super_block.96752* %15, i32 1, i1 zeroext true) #69 ------------- Use: =BAD PATH= Call Stack: 0 vfs_clone_file_range 1 do_vfs_ioctl 2 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %894 = tail call i32 bitcast (i32 (%struct.file.134820*, i32, i32, i64)* @do_vfs_ioctl to i32 (%struct.file.723*, i32, i32, i64)*)(%struct.file.723* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %224 = inttoptr i64 %3 to i8* %225 = bitcast %struct.sched_info* %6 to i8* %226 = call i64 @_copy_from_user(i8* nonnull %225, i8* %224, i64 32) #69 %227 = icmp eq i64 %226, 0 br i1 %227, label %228, label %264 %229 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 0 %230 = load i64, i64* %229, align 8 %231 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 1 %232 = load i64, i64* %231, align 8 %233 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 2 %234 = load i64, i64* %233, align 8 %235 = getelementptr inbounds %struct.sched_info, %struct.sched_info* %6, i64 0, i32 3 %236 = load i64, i64* %235, align 8 %237 = trunc i64 %230 to i32 %238 = call i64 @__fdget(i32 %237) #69 %239 = and i64 %238, -4 %240 = inttoptr i64 %239 to %struct.file.134820* %241 = icmp eq i64 %239, 0 br i1 %241, label %264, label %242 %243 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %240, i64 0, i32 1, i32 0 %244 = load %struct.vfsmount*, %struct.vfsmount** %243, align 8 %245 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 1, i32 0 %246 = load %struct.vfsmount*, %struct.vfsmount** %245, align 8 %247 = icmp eq %struct.vfsmount* %244, %246 br i1 %247, label %248, label %259 %249 = call i64 bitcast (i64 (%struct.file.96774*, i64, %struct.file.96774*, i64, i64, i32)* @vfs_clone_file_range to i64 (%struct.file.134820*, i64, %struct.file.134820*, i64, i64, i32)*)(%struct.file.134820* nonnull %240, i64 %232, %struct.file.134820* %0, i64 %236, i64 %234, i32 0) #69 Function:vfs_clone_file_range %7 = getelementptr inbounds %struct.file.96774, %struct.file.96774* %2, i64 0, i32 2 %8 = load %struct.inode.96765*, %struct.inode.96765** %7, align 8 %9 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 0 %10 = load i16, i16* %9, align 8 %11 = and i16 %10, -4096 %12 = icmp eq i16 %11, -32768 br i1 %12, label %13, label %17 %14 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %8, i64 0, i32 8 %15 = load %struct.super_block.96752*, %struct.super_block.96752** %14, align 8 %16 = tail call i32 bitcast (i32 (%struct.super_block.132006*, i32, i1)* @__sb_start_write to i32 (%struct.super_block.96752*, i32, i1)*)(%struct.super_block.96752* %15, i32 1, i1 zeroext true) #69 ------------- Good: 49 Bad: 19 Ignored: 77 Check Use of Function:gen_replace_estimator Check Use of Function:generic_file_write_iter Check Use of Function:pipe_write Check Use of Function:devkmsg_write Check Use of Function:drm_prime_destroy_file_private Check Use of Function:__d_lookup_done Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.136422* %0, %struct.dentry.136422* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 5 %5 = load %struct.inode.136434*, %struct.inode.136434** %4, align 8 %6 = icmp eq %struct.inode.136434* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.15202, i64 0, i64 0), i32 2811, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 139) #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.136422* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.136422* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %12, i64 0, i32 3 %14 = load %struct.dentry.136422*, %struct.dentry.136422** %13, align 8 %15 = icmp eq %struct.dentry.136422* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %23 = load %struct.dentry.136422*, %struct.dentry.136422** %22, align 8 br label %24 %25 = phi %struct.dentry.136422* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %25, i64 0, i32 3 %27 = load %struct.dentry.136422*, %struct.dentry.136422** %26, align 8 %28 = icmp eq %struct.dentry.136422* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.136422* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.136422* %23, %0 %34 = icmp eq %struct.dentry.136422* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %43 = load %struct.dentry.136422*, %struct.dentry.136422** %42, align 8 %44 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #69 br label %56 %57 = phi %struct.dentry.136422* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #69 br label %60 %61 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #69 %65 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %71 = load %struct.dentry.136422*, %struct.dentry.136422** %70, align 8 %72 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %71, i64 0, i32 5 %73 = load %struct.inode.136434*, %struct.inode.136434** %72, align 8 %74 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %73, i64 0, i32 43 %75 = bitcast %union.anon.79* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.136422* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.136422* %0, %struct.dentry.136422* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 5 %5 = load %struct.inode.136434*, %struct.inode.136434** %4, align 8 %6 = icmp eq %struct.inode.136434* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.15202, i64 0, i64 0), i32 2811, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 139) #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.136422* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.136422* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %12, i64 0, i32 3 %14 = load %struct.dentry.136422*, %struct.dentry.136422** %13, align 8 %15 = icmp eq %struct.dentry.136422* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %23 = load %struct.dentry.136422*, %struct.dentry.136422** %22, align 8 br label %24 %25 = phi %struct.dentry.136422* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %25, i64 0, i32 3 %27 = load %struct.dentry.136422*, %struct.dentry.136422** %26, align 8 %28 = icmp eq %struct.dentry.136422* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.136422* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.136422* %23, %0 %34 = icmp eq %struct.dentry.136422* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %43 = load %struct.dentry.136422*, %struct.dentry.136422** %42, align 8 %44 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #69 br label %56 %57 = phi %struct.dentry.136422* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #69 br label %60 %61 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #69 %65 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %71 = load %struct.dentry.136422*, %struct.dentry.136422** %70, align 8 %72 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %71, i64 0, i32 5 %73 = load %struct.inode.136434*, %struct.inode.136434** %72, align 8 %74 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %73, i64 0, i32 43 %75 = bitcast %union.anon.79* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.136422* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_move 1 d_move 2 nfs_rename ------------- Path:  Function:nfs_rename %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 5 %9 = load %struct.inode.195275*, %struct.inode.195275** %8, align 8 %10 = icmp eq i32 %4, 0 br i1 %10, label %11, label %166 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %12)) #6 to label %34 [label %12], !srcloc !4 %35 = icmp eq %struct.inode.195275* %9, null br i1 %35, label %62, label %36 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %9, i64 0, i32 0 %38 = load i16, i16* %37, align 8 %39 = and i16 %38, -4096 %40 = icmp eq i16 %39, 16384 br i1 %40, label %62, label %41 %42 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 2, i32 1 %43 = load %struct.hlist_bl_node**, %struct.hlist_bl_node*** %42, align 8 %44 = icmp eq %struct.hlist_bl_node** %43, null br i1 %44, label %46, label %45 %47 = phi %struct.dentry.195278* [ null, %41 ], [ %3, %45 ] %48 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 7, i32 0 %49 = bitcast %struct.anon.1* %48 to %struct.swap_cluster_info* %50 = getelementptr inbounds %struct.swap_cluster_info, %struct.swap_cluster_info* %49, i64 0, i32 1 %51 = load i32, i32* %50, align 4 %52 = icmp ugt i32 %51, 2 br i1 %52, label %53, label %62 %54 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 3 %55 = load %struct.dentry.195278*, %struct.dentry.195278** %54, align 8 %56 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %3, i64 0, i32 4 %57 = tail call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_alloc to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*)*)(%struct.dentry.195278* %55, %struct.qstr* %56) #69 %58 = icmp eq %struct.dentry.195278* %57, null br i1 %58, label %101, label %59 %60 = tail call i32 bitcast (i32 (%struct.inode.203037*, %struct.dentry.203041*)* @nfs_sillyrename to i32 (%struct.inode.195275*, %struct.dentry.195278*)*)(%struct.inode.195275* %2, %struct.dentry.195278* %3) #69 %61 = icmp eq i32 %60, 0 br i1 %61, label %62, label %101 %102 = phi %struct.inode.195275* [ %63, %76 ], [ %63, %91 ], [ %63, %87 ], [ %63, %82 ], [ %9, %59 ], [ %9, %53 ] %103 = phi %struct.dentry.195278* [ %64, %76 ], [ %64, %91 ], [ %64, %87 ], [ %64, %82 ], [ %57, %59 ], [ null, %53 ] %104 = phi %struct.dentry.195278* [ %65, %76 ], [ %65, %91 ], [ %65, %87 ], [ %65, %82 ], [ %47, %59 ], [ %47, %53 ] %105 = phi %struct.dentry.195278* [ %66, %76 ], [ %66, %91 ], [ %66, %87 ], [ %66, %82 ], [ %3, %59 ], [ %3, %53 ] %106 = phi i32 [ %78, %76 ], [ 0, %91 ], [ %89, %87 ], [ %80, %82 ], [ -16, %59 ], [ -16, %53 ] %107 = icmp eq %struct.dentry.195278* %104, null br i1 %107, label %109, label %108 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_rename_exit to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_rename, %110)) #6 to label %132 [label %110], !srcloc !4 switch i32 %106, label %163 [ i32 0, label %133 i32 -2, label %155 ] %134 = icmp eq %struct.inode.195275* %102, null br i1 %134, label %150, label %135 tail call void bitcast (void (%struct.dentry.136422*, %struct.dentry.136422*)* @d_move to void (%struct.dentry.195278*, %struct.dentry.195278*)*)(%struct.dentry.195278* %1, %struct.dentry.195278* %105) #69 Function:d_move tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 1, i32 0, i32 0)) #69 %3 = load i32, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 %4 = add i32 %3, 1 store i32 %4, i32* getelementptr inbounds (%struct.seqlock_t, %struct.seqlock_t* @rename_lock, i64 0, i32 0, i32 0), align 64 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 tail call fastcc void @__d_move(%struct.dentry.136422* %0, %struct.dentry.136422* %1, i1 zeroext false) #70 Function:__d_move %4 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 5 %5 = load %struct.inode.136434*, %struct.inode.136434** %4, align 8 %6 = icmp eq %struct.inode.136434* %5, null br i1 %6, label %7, label %8, !prof !4, !misexpect !5 tail call void asm sideeffect "1:\09.byte 0x0f, 0x0b\0A.pushsection __bug_table,\22aw\22\0A2:\09.long 1b - 2b\09# bug_entry::bug_addr\0A\09.long ${0:c} - 2b\09# bug_entry::file\0A\09.word ${1:c}\09# bug_entry::line\0A\09.word ${2:c}\09# bug_entry::flags\0A\09.org 2b+${3:c}\0A.popsection", "i,i,i,i,~{dirflag},~{fpsr},~{flags}"(i8* getelementptr inbounds ([12 x i8], [12 x i8]* @.str.2.15202, i64 0, i64 0), i32 2811, i32 2305, i64 12) #6, !srcloc !6 tail call void asm sideeffect "${0:c}:\0A\09.pushsection .discard.reachable\0A\09.long ${0:c}b - .\0A\09.popsection\0A\09", "i,~{dirflag},~{fpsr},~{flags}"(i32 139) #6, !srcloc !7 br label %8 %9 = icmp eq %struct.dentry.136422* %0, %1 br i1 %9, label %10, label %11, !prof !4, !misexpect !5 %12 = phi %struct.dentry.136422* [ %14, %16 ], [ %0, %8 ] %13 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %12, i64 0, i32 3 %14 = load %struct.dentry.136422*, %struct.dentry.136422** %13, align 8 %15 = icmp eq %struct.dentry.136422* %12, %14 br i1 %15, label %21, label %16 %22 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %23 = load %struct.dentry.136422*, %struct.dentry.136422** %22, align 8 br label %24 %25 = phi %struct.dentry.136422* [ %1, %21 ], [ %27, %29 ] %26 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %25, i64 0, i32 3 %27 = load %struct.dentry.136422*, %struct.dentry.136422** %26, align 8 %28 = icmp eq %struct.dentry.136422* %25, %27 br i1 %28, label %31, label %29 %32 = phi %struct.dentry.136422* [ %25, %29 ], [ null, %24 ] %33 = icmp eq %struct.dentry.136422* %23, %0 %34 = icmp eq %struct.dentry.136422* %32, null br i1 %33, label %35, label %40 br i1 %34, label %41, label %46 %42 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %43 = load %struct.dentry.136422*, %struct.dentry.136422** %42, align 8 %44 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %43, i64 0, i32 7, i32 0 %45 = bitcast %struct.anon.1* %44 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %45) #69 br label %56 %57 = phi %struct.dentry.136422* [ %39, %37 ], [ %55, %53 ], [ %23, %41 ] %58 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %57, i64 0, i32 7, i32 0 %59 = bitcast %struct.anon.1* %58 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %59) #69 br label %60 %61 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %62 = bitcast %struct.anon.1* %61 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %62) #69 %63 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 7, i32 0 %64 = bitcast %struct.anon.1* %63 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %64) #69 %65 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 0 %66 = load i32, i32* %65, align 8 %67 = and i32 %66, 268435456 %68 = icmp eq i32 %67, 0 br i1 %68, label %87, label %69, !prof !10, !misexpect !5 %70 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %1, i64 0, i32 3 %71 = load %struct.dentry.136422*, %struct.dentry.136422** %70, align 8 %72 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %71, i64 0, i32 5 %73 = load %struct.inode.136434*, %struct.inode.136434** %72, align 8 %74 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %73, i64 0, i32 43 %75 = bitcast %union.anon.79* %74 to i32* br label %76 %77 = load i32, i32* %75, align 8 %78 = and i32 %77, 1 %79 = icmp eq i32 %78, 0 br i1 %79, label %80, label %84 %81 = add i32 %77, 1 %82 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %75, i32 %81, i32 %77, i32* %75) #6, !srcloc !17 %83 = icmp eq i32 %82, %77 br i1 %83, label %85, label %84 tail call void @__d_lookup_done(%struct.dentry.136422* %1) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 9 %11 = load %struct.super_block.139747*, %struct.super_block.139747** %10, align 8 %12 = getelementptr inbounds %struct.super_block.139747, %struct.super_block.139747* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.139778*, %struct.dentry_operations.139778** %12, align 16 %14 = icmp eq %struct.dentry_operations.139778* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.139777*, %struct.inode.139773*)*)(%struct.dentry.139777* %1, %struct.inode.139773* null) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 9 %11 = load %struct.super_block.139747*, %struct.super_block.139747** %10, align 8 %12 = getelementptr inbounds %struct.super_block.139747, %struct.super_block.139747* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.139778*, %struct.dentry_operations.139778** %12, align 16 %14 = icmp eq %struct.dentry_operations.139778* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.139777*, %struct.inode.139773*)*)(%struct.dentry.139777* %1, %struct.inode.139773* null) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 9 %11 = load %struct.super_block.139747*, %struct.super_block.139747** %10, align 8 %12 = getelementptr inbounds %struct.super_block.139747, %struct.super_block.139747* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.139778*, %struct.dentry_operations.139778** %12, align 16 %14 = icmp eq %struct.dentry_operations.139778* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.139777*, %struct.inode.139773*)*)(%struct.dentry.139777* %1, %struct.inode.139773* null) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 simple_lookup ------------- Path:  Function:simple_lookup %4 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 4, i32 0 %5 = bitcast %struct.anon.1* %4 to %struct.util_est* %6 = getelementptr inbounds %struct.util_est, %struct.util_est* %5, i64 0, i32 1 %7 = load i32, i32* %6, align 4 %8 = icmp ugt i32 %7, 255 br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.dentry.139777, %struct.dentry.139777* %1, i64 0, i32 9 %11 = load %struct.super_block.139747*, %struct.super_block.139747** %10, align 8 %12 = getelementptr inbounds %struct.super_block.139747, %struct.super_block.139747* %11, i64 0, i32 40 %13 = load %struct.dentry_operations.139778*, %struct.dentry_operations.139778** %12, align 16 %14 = icmp eq %struct.dentry_operations.139778* %13, null br i1 %14, label %15, label %16 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.139777*, %struct.inode.139773*)*)(%struct.dentry.139777* %1, %struct.inode.139773* null) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.195278*, %struct.inode.195275*)*)(%struct.dentry.195278* %2, %struct.inode.195275* %5) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.195278*, %struct.inode.195275*)*)(%struct.dentry.195278* %2, %struct.inode.195275* %5) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __d_add 1 d_add 2 nfs_link ------------- Path:  Function:nfs_link %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_link_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_link, %6)) #6 to label %28 [label %6], !srcloc !4 tail call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %2) #69 %29 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %5, i64 0, i32 0 %30 = load i16, i16* %29, align 8 %31 = and i16 %30, -4096 %32 = icmp eq i16 %31, -32768 br i1 %32, label %33, label %35 %34 = tail call i32 bitcast (i32 (%struct.inode.197661*)* @nfs_sync_inode to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 br label %35 %36 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %1, i64 0, i32 8 %37 = load %struct.super_block.195272*, %struct.super_block.195272** %36, align 8 %38 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %37, i64 0, i32 28 %39 = bitcast i8** %38 to %struct.nfs_server.195427** %40 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %39, align 32 %41 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %40, i64 0, i32 0 %42 = load %struct.nfs_client.195422*, %struct.nfs_client.195422** %41, align 8 %43 = getelementptr inbounds %struct.nfs_client.195422, %struct.nfs_client.195422* %42, i64 0, i32 12 %44 = load %struct.nfs_rpc_ops.195404*, %struct.nfs_rpc_ops.195404** %43, align 8 %45 = getelementptr inbounds %struct.nfs_rpc_ops.195404, %struct.nfs_rpc_ops.195404* %44, i64 0, i32 23 %46 = load i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)*, i32 (%struct.inode.195275*, %struct.inode.195275*, %struct.qstr*)** %45, align 8 %47 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 4 %48 = tail call i32 %46(%struct.inode.195275* %5, %struct.inode.195275* %1, %struct.qstr* %47) #69 %49 = icmp eq i32 %48, 0 br i1 %49, label %50, label %51 tail call void bitcast (void (%struct.inode.136922*)* @ihold to void (%struct.inode.195275*)*)(%struct.inode.195275* %5) #69 tail call void bitcast (void (%struct.dentry.136422*, %struct.inode.136434*)* @d_add to void (%struct.dentry.195278*, %struct.inode.195275*)*)(%struct.dentry.195278* %2, %struct.inode.195275* %5) #69 Function:d_add %3 = icmp eq %struct.inode.136434* %1, null br i1 %3, label %6, label %4 tail call fastcc void @__d_add(%struct.dentry.136422* %0, %struct.inode.136434* %1) #70 Function:__d_add %3 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 7, i32 0 %4 = bitcast %struct.anon.1* %3 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %4) #69 %5 = getelementptr %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 0 %6 = load i32, i32* %5, align 8 %7 = and i32 %6, 268435456 %8 = icmp eq i32 %7, 0 br i1 %8, label %27, label %9, !prof !4, !misexpect !5 %10 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %0, i64 0, i32 3 %11 = load %struct.dentry.136422*, %struct.dentry.136422** %10, align 8 %12 = getelementptr inbounds %struct.dentry.136422, %struct.dentry.136422* %11, i64 0, i32 5 %13 = load %struct.inode.136434*, %struct.inode.136434** %12, align 8 %14 = getelementptr inbounds %struct.inode.136434, %struct.inode.136434* %13, i64 0, i32 43 %15 = bitcast %union.anon.79* %14 to i32* br label %16 %17 = load i32, i32* %15, align 8 %18 = and i32 %17, 1 %19 = icmp eq i32 %18, 0 br i1 %19, label %20, label %24 %21 = add i32 %17, 1 %22 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; cmpxchgl $2,$1", "={ax},=*m,r,0,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i32* %15, i32 %21, i32 %17, i32* %15) #6, !srcloc !6 %23 = icmp eq i32 %22, %17 br i1 %23, label %25, label %24 tail call void @__d_lookup_done(%struct.dentry.136422* %0) #70 ------------- Good: 79 Bad: 10 Ignored: 117 Check Use of Function:drm_gem_release Check Use of Function:random_write_iter Check Use of Function:qdisc_lookup Check Use of Function:io_complete_rw_iopoll Check Use of Function:io_import_iovec Check Use of Function:io_complete_rw Check Use of Function:nla_strcmp Check Use of Function:loop_rw_iter Check Use of Function:__io_submit_sqe Check Use of Function:proc_misc_d_revalidate Check Use of Function:unlock_device_hotplug Check Use of Function:free_all_swap_pages Check Use of Function:hibernation_platform_enter Check Use of Function:destroy_workqueue Check Use of Function:swsusp_swap_in_use Check Use of Function:cgroup_do_get_tree Check Use of Function:logfc Check Use of Function:ida_free Use: =BAD PATH= Call Stack: 0 eventfd_release ------------- Path:  Function:eventfd_release %3 = getelementptr inbounds %struct.file.43183, %struct.file.43183* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.eventfd_ctx** %5 = load %struct.eventfd_ctx*, %struct.eventfd_ctx** %4, align 8 %6 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 1 tail call void @__wake_up(%struct.wait_queue_head* %6, i32 3, i32 1, i8* nonnull inttoptr (i64 16 to i8*)) #69 %7 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0 %8 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0, i32 0, i32 0, i32 0 %9 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %8, i32 -1, i32* %8) #6, !srcloc !4 %10 = icmp eq i32 %9, 1 br i1 %10, label %16, label %11 %17 = getelementptr inbounds %struct.eventfd_ctx, %struct.eventfd_ctx* %5, i64 0, i32 0 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %18 = getelementptr inbounds %struct.qspinlock, %struct.qspinlock* %17, i64 11, i32 0, i32 0, i32 0 %19 = load i32, i32* %18, align 4 %20 = icmp sgt i32 %19, -1 br i1 %20, label %21, label %22 tail call void @ida_free(%struct.ida* nonnull @eventfd_ida, i32 %19) #69 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir ------------- Path:  Function:proc_readdir %3 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 2 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.162986* %0, %struct.dir_context* %1, %struct.proc_dir_entry.163004* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.163001*, %struct.dentry.163001** %9, align 8 %11 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %10, i64 0, i32 5 %12 = load %struct.inode.162997*, %struct.inode.162997** %11, align 8 %13 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.17211, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.163001*, %struct.dentry.163001** %21, align 8 %23 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 3 %26 = load %struct.dentry.163001*, %struct.dentry.163001** %25, align 8 %27 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %26, i64 0, i32 5 %28 = load %struct.inode.162997*, %struct.inode.162997** %27, align 8 %29 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.17212, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry.163004* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry.163004* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry.163004* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 1 %67 = getelementptr inbounds %union.anon.21, %union.anon.21* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%union.anon.21* %66, i32 %75) #69 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 22 %81 = load i8, i8* %80, align 2 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #69 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %98 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #69 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry.163004* %103 = select i1 %100, %struct.proc_dir_entry.163004* null, %struct.proc_dir_entry.163004* %102 tail call void @pde_put(%struct.proc_dir_entry.163004* nonnull %65) #70 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 1 %3 = getelementptr inbounds %union.anon.21, %union.anon.21* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_readdir 3 proc_root_readdir ------------- Path:  Function:proc_root_readdir %3 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %4 = load i64, i64* %3, align 8 %5 = icmp slt i64 %4, 256 br i1 %5, label %6, label %10 %7 = tail call i32 bitcast (i32 (%struct.file.162986*, %struct.dir_context*)* @proc_readdir to i32 (%struct.file.162265*, %struct.dir_context*)*)(%struct.file.162265* %0, %struct.dir_context* %1) #69 Function:proc_readdir %3 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 2 %4 = load %struct.inode.162997*, %struct.inode.162997** %3, align 8 %5 = getelementptr %struct.inode.162997, %struct.inode.162997* %4, i64 -1, i32 41, i32 13 %6 = getelementptr inbounds %struct.list_head, %struct.list_head* %5, i64 1, i32 1 %7 = bitcast %struct.list_head** %6 to %struct.proc_dir_entry.163004** %8 = load %struct.proc_dir_entry.163004*, %struct.proc_dir_entry.163004** %7, align 8 %9 = tail call i32 @proc_readdir_de(%struct.file.162986* %0, %struct.dir_context* %1, %struct.proc_dir_entry.163004* %8) #69 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.163001*, %struct.dentry.163001** %9, align 8 %11 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %10, i64 0, i32 5 %12 = load %struct.inode.162997*, %struct.inode.162997** %11, align 8 %13 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.17211, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.163001*, %struct.dentry.163001** %21, align 8 %23 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 3 %26 = load %struct.dentry.163001*, %struct.dentry.163001** %25, align 8 %27 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %26, i64 0, i32 5 %28 = load %struct.inode.162997*, %struct.inode.162997** %27, align 8 %29 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.17212, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry.163004* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry.163004* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry.163004* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 1 %67 = getelementptr inbounds %union.anon.21, %union.anon.21* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%union.anon.21* %66, i32 %75) #69 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 22 %81 = load i8, i8* %80, align 2 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #69 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %98 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #69 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry.163004* %103 = select i1 %100, %struct.proc_dir_entry.163004* null, %struct.proc_dir_entry.163004* %102 tail call void @pde_put(%struct.proc_dir_entry.163004* nonnull %65) #70 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 1 %3 = getelementptr inbounds %union.anon.21, %union.anon.21* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 pde_put 1 proc_readdir_de 2 proc_tgid_net_readdir ------------- Path:  Function:proc_tgid_net_readdir %3 = getelementptr inbounds %struct.file.168371, %struct.file.168371* %0, i64 0, i32 2 %4 = load %struct.inode.168362*, %struct.inode.168362** %3, align 8 %5 = tail call fastcc %struct.net.168292* @get_proc_task_net(%struct.inode.168362* %4) #69 %6 = icmp eq %struct.net.168292* %5, null br i1 %6, label %21, label %7 %8 = getelementptr inbounds %struct.net.168292, %struct.net.168292* %5, i64 0, i32 17 %9 = load %struct.proc_dir_entry.168189*, %struct.proc_dir_entry.168189** %8, align 32 %10 = tail call i32 bitcast (i32 (%struct.file.162986*, %struct.dir_context*, %struct.proc_dir_entry.163004*)* @proc_readdir_de to i32 (%struct.file.168371*, %struct.dir_context*, %struct.proc_dir_entry.168189*)*)(%struct.file.168371* %0, %struct.dir_context* %1, %struct.proc_dir_entry.168189* %9) #70 Function:proc_readdir_de %4 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %5 = load i64, i64* %4, align 8 switch i64 %5, label %35 [ i64 0, label %6 i64 1, label %18 ] %7 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %8 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %7, align 8 %9 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %10 = load %struct.dentry.163001*, %struct.dentry.163001** %9, align 8 %11 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %10, i64 0, i32 5 %12 = load %struct.inode.162997*, %struct.inode.162997** %11, align 8 %13 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %12, i64 0, i32 11 %14 = load i64, i64* %13, align 8 %15 = tail call i32 %8(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.4.17211, i64 0, i64 0), i32 1, i64 0, i64 %14, i32 4) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %107 store i64 1, i64* %4, align 8 br label %18 %19 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %20 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %19, align 8 %21 = getelementptr inbounds %struct.file.162986, %struct.file.162986* %0, i64 0, i32 1, i32 1 %22 = load %struct.dentry.163001*, %struct.dentry.163001** %21, align 8 %23 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 7, i32 0 %24 = bitcast %struct.anon.1* %23 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %24) #69 %25 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %22, i64 0, i32 3 %26 = load %struct.dentry.163001*, %struct.dentry.163001** %25, align 8 %27 = getelementptr inbounds %struct.dentry.163001, %struct.dentry.163001* %26, i64 0, i32 5 %28 = load %struct.inode.162997*, %struct.inode.162997** %27, align 8 %29 = getelementptr inbounds %struct.inode.162997, %struct.inode.162997* %28, i64 0, i32 11 %30 = load i64, i64* %29, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %31 = bitcast %struct.anon.1* %23 to i8* store volatile i8 0, i8* %31, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %32 = tail call i32 %20(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.5.17212, i64 0, i64 0), i32 2, i64 1, i64 %30, i32 4) #69 %33 = icmp eq i32 %32, 0 br i1 %33, label %34, label %107 store i64 2, i64* %4, align 8 br label %35 %36 = phi i64 [ 2, %34 ], [ %5, %3 ] tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %37 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %2, i64 0, i32 18 %38 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %37) #69 %39 = icmp eq %struct.rb_node* %38, null %40 = getelementptr %struct.rb_node, %struct.rb_node* %38, i64 -6, i32 1 %41 = icmp eq %struct.rb_node** %40, null %42 = or i1 %39, %41 br i1 %42, label %47, label %43 %44 = bitcast %struct.rb_node** %40 to %struct.proc_dir_entry.163004* %45 = trunc i64 %36 to i32 %46 = add i32 %45, -2 br label %49 %50 = phi i32 [ %61, %55 ], [ %46, %43 ] %51 = phi %struct.proc_dir_entry.163004* [ %62, %55 ], [ %44, %43 ] %52 = icmp eq i32 %50, 0 br i1 %52, label %53, label %55 %54 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 br label %64 %65 = phi %struct.proc_dir_entry.163004* [ %103, %95 ], [ %51, %53 ] %66 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 1 %67 = getelementptr inbounds %union.anon.21, %union.anon.21* %66, i64 0, i32 0, i32 0 %68 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %67, i32 1, i32* %67) #6, !srcloc !8 %69 = icmp eq i32 %68, 0 br i1 %69, label %74, label %70, !prof !9, !misexpect !10 %71 = add i32 %68, 1 %72 = or i32 %71, %68 %73 = icmp sgt i32 %72, -1 br i1 %73, label %76, label %74, !prof !11, !misexpect !10 %75 = phi i32 [ 2, %64 ], [ 1, %70 ] tail call void @refcount_warn_saturate(%union.anon.21* %66, i32 %75) #69 br label %76 %77 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0), i32 -512, i32* getelementptr inbounds (%struct.rwlock_t, %struct.rwlock_t* @proc_subdir_lock, i64 0, i32 0, i32 0, i32 0, i32 0)) #6, !srcloc !6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %78 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 20 %79 = load i8*, i8** %78, align 8 %80 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 22 %81 = load i8, i8* %80, align 2 %82 = zext i8 %81 to i32 %83 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 12 %84 = load i32, i32* %83, align 4 %85 = zext i32 %84 to i64 %86 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 21 %87 = load i16, i16* %86, align 8 %88 = lshr i16 %87, 12 %89 = zext i16 %88 to i32 %90 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %54, align 8 %91 = load i64, i64* %4, align 8 %92 = tail call i32 %90(%struct.dir_context* %1, i8* %79, i32 %82, i64 %91, i64 %85, i32 %89) #69 %93 = icmp eq i32 %92, 0 br i1 %93, label %95, label %94 %96 = load i64, i64* %4, align 8 %97 = add i64 %96, 1 store i64 %97, i64* %4, align 8 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @proc_subdir_lock) #69 %98 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %65, i64 0, i32 19 %99 = tail call %struct.rb_node* @rb_next(%struct.rb_node* %98) #69 %100 = icmp eq %struct.rb_node* %99, null %101 = getelementptr %struct.rb_node, %struct.rb_node* %99, i64 -6, i32 1 %102 = bitcast %struct.rb_node** %101 to %struct.proc_dir_entry.163004* %103 = select i1 %100, %struct.proc_dir_entry.163004* null, %struct.proc_dir_entry.163004* %102 tail call void @pde_put(%struct.proc_dir_entry.163004* nonnull %65) #70 Function:pde_put %2 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 1 %3 = getelementptr inbounds %union.anon.21, %union.anon.21* %2, i64 0, i32 0, i32 0 %4 = tail call i32 asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; xaddl $0, $1\0A", "=r,=*m,0,*m,~{memory},~{cc},~{dirflag},~{fpsr},~{flags}"(i32* %3, i32 -1, i32* %3) #6, !srcloc !4 %5 = icmp eq i32 %4, 1 br i1 %5, label %11, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %12 = getelementptr inbounds %struct.proc_dir_entry.163004, %struct.proc_dir_entry.163004* %0, i64 0, i32 12 %13 = load i32, i32* %12, align 4 %14 = add i32 %13, 268435456 tail call void @ida_free(%struct.ida* nonnull @proc_inum_ida, i32 %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_write_done ------------- Path:  Function:nfs4_write_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %44 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 2, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.217178* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.217178, %struct.nfs_lock_context.217178* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.217178, %struct.nfs_lock_context.217178* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.217177*, %struct.nfs_open_context.217177** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.217177, %struct.nfs_open_context.217177* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #69 %28 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.217206** %30 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.217206* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.217206* %77) #69 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.217206* %0, null br i1 %2, label %48, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%union.anon.21* %6, %struct.spinlock* %7) #69 br i1 %8, label %9, label %48 %10 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %17 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 2 %18 = bitcast %struct.list_head* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = inttoptr i64 %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %22, label %25 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %26, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 3 %28 = load %struct.nfs4_state_owner.217172*, %struct.nfs4_state_owner.217172** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_state_owner.217172, %struct.nfs4_state_owner.217172* %28, i64 0, i32 0 %30 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 2 %32 = load volatile i64, i64* %31, align 8 %33 = and i64 %32, 1 %34 = icmp eq i64 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %30, i64 0, i32 44 %44 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 3, i32 1 %45 = load i32, i32* %44, align 8 tail call void @ida_free(%struct.ida* %43, i32 %45) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_put_lock_state 1 nfs4_select_rw_stateid 2 nfs4_read_done ------------- Path:  Function:nfs4_read_done %3 = alloca %struct.nfs4_stateid_struct, align 4 %4 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 21, i32 0, i32 0 %5 = load %struct.nfs4_slot.215544*, %struct.nfs4_slot.215544** %4, align 8 %6 = icmp eq %struct.nfs4_slot.215544* %5, null br i1 %6, label %16, label %7 %17 = getelementptr inbounds %struct.rpc_task.196911, %struct.rpc_task.196911* %0, i64 0, i32 1 %18 = load i32, i32* %17, align 4 switch i32 %18, label %46 [ i32 -10087, label %19 i32 -10047, label %19 i32 -10025, label %19 i32 -10023, label %19 i32 -10024, label %19 i32 -10038, label %19 i32 -10011, label %19 ] %20 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 4 %21 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 2 %22 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %21, align 8 %23 = getelementptr inbounds %struct.nfs_pgio_header.215580, %struct.nfs_pgio_header.215580* %1, i64 0, i32 20, i32 3 %24 = load %struct.nfs_lock_context.215563*, %struct.nfs_lock_context.215563** %23, align 8 %25 = bitcast %struct.nfs4_stateid_struct* %3 to i8* %26 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %22, i64 0, i32 5 %27 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %26, align 8 %28 = call i32 bitcast (i32 (%struct.nfs4_state.217176*, i32, %struct.nfs_lock_context.217178*, %struct.nfs4_stateid_struct*, %struct.cred**)* @nfs4_select_rw_stateid to i32 (%struct.nfs4_state.215561*, i32, %struct.nfs_lock_context.215563*, %struct.nfs4_stateid_struct*, %struct.cred**)*)(%struct.nfs4_state.215561* %27, i32 1, %struct.nfs_lock_context.215563* %24, %struct.nfs4_stateid_struct* nonnull %3, %struct.cred** null) #69 Function:nfs4_select_rw_stateid %6 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 5 %7 = load volatile i64, i64* %6, align 8 %8 = and i64 %7, 512 %9 = icmp eq i64 %8, 0 br i1 %9, label %10, label %129 %11 = icmp eq %struct.cred** %4, null br i1 %11, label %13, label %12 %14 = icmp eq %struct.nfs_lock_context.217178* %2, null br i1 %14, label %81, label %15 %16 = load volatile i64, i64* %6, align 8 %17 = and i64 %16, 1 %18 = icmp eq i64 %17, 0 br i1 %18, label %81, label %19 %20 = getelementptr inbounds %struct.nfs_lock_context.217178, %struct.nfs_lock_context.217178* %2, i64 0, i32 3 %21 = load i8*, i8** %20, align 8 %22 = getelementptr inbounds %struct.nfs_lock_context.217178, %struct.nfs_lock_context.217178* %2, i64 0, i32 2 %23 = load %struct.nfs_open_context.217177*, %struct.nfs_open_context.217177** %22, align 8 %24 = getelementptr inbounds %struct.nfs_open_context.217177, %struct.nfs_open_context.217177* %23, i64 0, i32 1 %25 = load i8*, i8** %24, align 8 %26 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 6 %27 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %26, i64 0, i32 0, i32 0 tail call void @_raw_spin_lock(%struct.raw_spinlock* %27) #69 %28 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 2 %29 = bitcast %struct.list_head* %28 to %struct.nfs4_lock_state.217206** %30 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %28 br i1 %32, label %76, label %33 %77 = phi %struct.nfs4_lock_state.217206* [ %47, %69 ], [ %47, %65 ], [ %47, %60 ], [ null, %46 ], [ null, %19 ] %78 = phi i1 [ false, %69 ], [ false, %65 ], [ true, %60 ], [ false, %46 ], [ false, %19 ] %79 = phi i32 [ 0, %69 ], [ -2, %65 ], [ -5, %60 ], [ -2, %46 ], [ -2, %19 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !8 %80 = bitcast %struct.spinlock* %26 to i8* store volatile i8 0, i8* %80, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 tail call void @nfs4_put_lock_state(%struct.nfs4_lock_state.217206* %77) #69 Function:nfs4_put_lock_state %2 = icmp eq %struct.nfs4_lock_state.217206* %0, null br i1 %2, label %48, label %3 %4 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 1 %5 = load %struct.nfs4_state.217176*, %struct.nfs4_state.217176** %4, align 8 %6 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 5 %7 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 6 %8 = tail call zeroext i1 @refcount_dec_and_lock(%union.anon.21* %6, %struct.spinlock* %7) #69 br i1 %8, label %9, label %48 %10 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 0, i32 1 %11 = load %struct.list_head*, %struct.list_head** %10, align 8 %12 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 0, i32 0 %13 = load %struct.list_head*, %struct.list_head** %12, align 8 %14 = getelementptr inbounds %struct.list_head, %struct.list_head* %13, i64 0, i32 1 store %struct.list_head* %11, %struct.list_head** %14, align 8 %15 = ptrtoint %struct.list_head* %13 to i64 %16 = bitcast %struct.list_head* %11 to i64* store volatile i64 %15, i64* %16, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606080 to %struct.list_head*), %struct.list_head** %12, align 8 store %struct.list_head* inttoptr (i64 -2401263026318606046 to %struct.list_head*), %struct.list_head** %10, align 8 %17 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 2 %18 = bitcast %struct.list_head* %17 to i64* %19 = load volatile i64, i64* %18, align 8 %20 = inttoptr i64 %19 to %struct.list_head* %21 = icmp eq %struct.list_head* %17, %20 br i1 %21, label %22, label %25 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %26 = bitcast %struct.spinlock* %7 to i8* store volatile i8 0, i8* %26, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %27 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %5, i64 0, i32 3 %28 = load %struct.nfs4_state_owner.217172*, %struct.nfs4_state_owner.217172** %27, align 8 %29 = getelementptr inbounds %struct.nfs4_state_owner.217172, %struct.nfs4_state_owner.217172* %28, i64 0, i32 0 %30 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 2 %32 = load volatile i64, i64* %31, align 8 %33 = and i64 %32, 1 %34 = icmp eq i64 %33, 0 br i1 %34, label %42, label %35 %43 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %30, i64 0, i32 44 %44 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %0, i64 0, i32 3, i32 1 %45 = load i32, i32* %44, align 8 tail call void @ida_free(%struct.ida* %43, i32 %45) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_set_lock_state 1 nfs4_proc_unlck 2 nfs4_proc_lock ------------- Path:  Function:nfs4_proc_lock %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %0, i64 0, i32 16 %6 = bitcast i8** %5 to %struct.nfs_open_context.215562** %7 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %6, align 8 %8 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %7, i64 0, i32 5 %9 = load %struct.nfs4_state.215561*, %struct.nfs4_state.215561** %8, align 8 %10 = icmp eq i32 %1, 5 br i1 %10, label %11, label %15 %16 = and i32 %1, -2 %17 = icmp eq i32 %16, 6 br i1 %17, label %18, label %138 %19 = getelementptr inbounds %struct.file_lock.195318, %struct.file_lock.195318* %2, i64 0, i32 7 %20 = load i8, i8* %19, align 4 %21 = icmp eq i8 %20, 2 %22 = icmp eq %struct.nfs4_state.215561* %9, null br i1 %21, label %23, label %26 br i1 %22, label %138, label %24 %25 = tail call fastcc i32 @nfs4_proc_unlck(%struct.nfs4_state.215561* nonnull %9, %struct.file_lock.195318* %2) #69 Function:nfs4_proc_unlck %3 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %0, i64 0, i32 4 %4 = load %struct.inode.195275*, %struct.inode.195275** %3, align 8 %5 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %0, i64 0, i32 3 %6 = load %struct.nfs4_state_owner.215557*, %struct.nfs4_state_owner.215557** %5, align 8 %7 = getelementptr %struct.inode.195275, %struct.inode.195275* %4, i64 -1, i32 15, i32 1 %8 = getelementptr inbounds %struct.file_lock.195318, %struct.file_lock.195318* %1, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = tail call i32 bitcast (i32 (%struct.nfs4_state.217176*, %struct.file_lock.195318*)* @nfs4_set_lock_state to i32 (%struct.nfs4_state.215561*, %struct.file_lock.195318*)*)(%struct.nfs4_state.215561* %0, %struct.file_lock.195318* %1) #69 Function:nfs4_set_lock_state %3 = getelementptr inbounds %struct.file_lock.195318, %struct.file_lock.195318* %1, i64 0, i32 17 %4 = load %struct.file_lock_operations.195314*, %struct.file_lock_operations.195314** %3, align 8 %5 = icmp eq %struct.file_lock_operations.195314* %4, null br i1 %5, label %6, label %116 %7 = getelementptr inbounds %struct.file_lock.195318, %struct.file_lock.195318* %1, i64 0, i32 5 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 6 %10 = getelementptr inbounds %struct.spinlock, %struct.spinlock* %9, i64 0, i32 0, i32 0 %11 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 2 %12 = bitcast %struct.list_head* %11 to %struct.nfs4_lock_state.217206** %13 = bitcast %struct.spinlock* %9 to i8* %14 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 3 br label %15 %16 = phi %struct.nfs4_lock_state.217206* [ null, %6 ], [ %64, %95 ] tail call void @_raw_spin_lock(%struct.raw_spinlock* %10) #69 %17 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %12, align 8 %18 = getelementptr %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %17, i64 0, i32 0 %19 = icmp eq %struct.list_head* %18, %11 br i1 %19, label %47, label %20 %21 = phi %struct.nfs4_lock_state.217206* [ %30, %26 ], [ %17, %15 ] %22 = phi %struct.nfs4_lock_state.217206* [ %28, %26 ], [ null, %15 ] %23 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %21, i64 0, i32 6 %24 = load i8*, i8** %23, align 8 %25 = icmp eq i8* %24, %8 br i1 %25, label %33, label %26 %27 = icmp eq i8* %24, null %28 = select i1 %27, %struct.nfs4_lock_state.217206* %21, %struct.nfs4_lock_state.217206* %22 %29 = bitcast %struct.nfs4_lock_state.217206* %21 to %struct.nfs4_lock_state.217206** %30 = load %struct.nfs4_lock_state.217206*, %struct.nfs4_lock_state.217206** %29, align 8 %31 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %30, i64 0, i32 0 %32 = icmp eq %struct.list_head* %31, %11 br i1 %32, label %33, label %20 %34 = phi %struct.nfs4_lock_state.217206* [ %28, %26 ], [ %21, %20 ] %35 = icmp eq %struct.nfs4_lock_state.217206* %34, null br i1 %35, label %47, label %36 %48 = icmp eq %struct.nfs4_lock_state.217206* %16, null br i1 %48, label %58, label %49 %50 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %16, i64 0, i32 0 %51 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %17, i64 0, i32 0, i32 1 store %struct.list_head* %50, %struct.list_head** %51, align 8 %52 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %16, i64 0, i32 0, i32 0 store %struct.list_head* %18, %struct.list_head** %52, align 8 %53 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %16, i64 0, i32 0, i32 1 store %struct.list_head* %11, %struct.list_head** %53, align 8 %54 = ptrtoint %struct.nfs4_lock_state.217206* %16 to i64 %55 = bitcast %struct.list_head* %11 to i64* store volatile i64 %54, i64* %55, align 8 %56 = getelementptr inbounds %struct.nfs4_state.217176, %struct.nfs4_state.217176* %0, i64 0, i32 5 %57 = bitcast i64* %56 to i8* tail call void asm sideeffect ".pushsection .smp_locks,\22a\22\0A.balign 4\0A.long 671f - .\0A.popsection\0A671:\0A\09lock; orb $1,$0", "=*m,iq,*m,~{memory},~{dirflag},~{fpsr},~{flags}"(i8* %57, i8 1, i8* %57) #6, !srcloc !8 br label %100 %101 = phi %struct.nfs4_lock_state.217206* [ %16, %49 ], [ %34, %46 ], [ %34, %42 ], [ %34, %41 ] %102 = phi %struct.nfs4_lock_state.217206* [ null, %49 ], [ %16, %46 ], [ %16, %42 ], [ %16, %41 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !9 store volatile i8 0, i8* %13, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !10 %103 = icmp eq %struct.nfs4_lock_state.217206* %102, null br i1 %103, label %113, label %104 %105 = load %struct.nfs4_state_owner.217172*, %struct.nfs4_state_owner.217172** %14, align 8 %106 = getelementptr inbounds %struct.nfs4_state_owner.217172, %struct.nfs4_state_owner.217172* %105, i64 0, i32 0 %107 = load %struct.nfs_server.217143*, %struct.nfs_server.217143** %106, align 8 %108 = getelementptr inbounds %struct.nfs_server.217143, %struct.nfs_server.217143* %107, i64 0, i32 44 %109 = getelementptr inbounds %struct.nfs4_lock_state.217206, %struct.nfs4_lock_state.217206* %102, i64 0, i32 3, i32 1 %110 = load i32, i32* %109, align 8 tail call void @ida_free(%struct.ida* %108, i32 %110) #69 ------------- Good: 113 Bad: 7 Ignored: 91 Check Use of Function:check_cgroupfs_options Check Use of Function:mmc_ioctl_cdrom_start_stop Check Use of Function:cgroup_lock_and_drain_offline Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup1_procs_write 2 cgroup1_procs_write ------------- Path:  Function:cgroup1_procs_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.88834* %0, i8* %1, i64 %2, i1 zeroext true) #69 Function:__cgroup1_procs_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file.88834, %struct.kernfs_open_file.88834* %0, i64 0, i32 0 %7 = load %struct.kernfs_node.88840*, %struct.kernfs_node.88840** %6, align 8 %8 = tail call %struct.cgroup.88849* bitcast (%struct.cgroup.87854* (%struct.kernfs_node.87605*, i1)* @cgroup_kn_lock_live to %struct.cgroup.88849* (%struct.kernfs_node.88840*, i1)*)(%struct.kernfs_node.88840* %7, i1 zeroext false) #69 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node.87605, %struct.kernfs_node.87605* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node.87605* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node.87605, %struct.kernfs_node.87605* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup.87854** %14 = load %struct.cgroup.87854*, %struct.cgroup.87854** %13, align 8 %15 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 tail call void bitcast (void (%struct.kernfs_node.112412*)* @kernfs_break_active_protection to void (%struct.kernfs_node.87605*)*)(%struct.kernfs_node.87605* %0) #69 br i1 %1, label %43, label %44 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup.87854* %14) #70 ------------- Use: =BAD PATH= Call Stack: 0 cgroup_kn_lock_live 1 __cgroup1_procs_write 2 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.88834* %0, i8* %1, i64 %2, i1 zeroext false) #69 Function:__cgroup1_procs_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file.88834, %struct.kernfs_open_file.88834* %0, i64 0, i32 0 %7 = load %struct.kernfs_node.88840*, %struct.kernfs_node.88840** %6, align 8 %8 = tail call %struct.cgroup.88849* bitcast (%struct.cgroup.87854* (%struct.kernfs_node.87605*, i1)* @cgroup_kn_lock_live to %struct.cgroup.88849* (%struct.kernfs_node.88840*, i1)*)(%struct.kernfs_node.88840* %7, i1 zeroext false) #69 Function:cgroup_kn_lock_live %3 = getelementptr inbounds %struct.kernfs_node.87605, %struct.kernfs_node.87605* %0, i64 0, i32 10 %4 = load i16, i16* %3, align 8 %5 = and i16 %4, 15 %6 = icmp eq i16 %5, 1 br i1 %6, label %10, label %7 %11 = phi %struct.kernfs_node.87605* [ %9, %7 ], [ %0, %2 ] %12 = getelementptr inbounds %struct.kernfs_node.87605, %struct.kernfs_node.87605* %11, i64 0, i32 8 %13 = bitcast i8** %12 to %struct.cgroup.87854** %14 = load %struct.cgroup.87854*, %struct.cgroup.87854** %13, align 8 %15 = getelementptr inbounds %struct.cgroup.87854, %struct.cgroup.87854* %14, i64 0, i32 0, i32 7 %16 = load i32, i32* %15, align 4 %17 = and i32 %16, 1 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %42 tail call void bitcast (void (%struct.kernfs_node.112412*)* @kernfs_break_active_protection to void (%struct.kernfs_node.87605*)*)(%struct.kernfs_node.87605* %0) #69 br i1 %1, label %43, label %44 tail call void @cgroup_lock_and_drain_offline(%struct.cgroup.87854* %14) #70 ------------- Good: 3 Bad: 2 Ignored: 21 Check Use of Function:perf_kprobe_init Check Use of Function:find_task_by_vpid Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __ia32_compat_sys_move_pages ------------- Path:  Function:__ia32_compat_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = trunc i64 %5 to i32 %20 = inttoptr i64 %9 to i32* %21 = inttoptr i64 %12 to i32* %22 = inttoptr i64 %15 to i32* %23 = trunc i64 %17 to i32 %24 = shl nuw nsw i64 %6, 3 %25 = tail call i8* @compat_alloc_user_space(i64 %24) #69 %26 = bitcast i8* %25 to i8** %27 = icmp eq i32 %19, 0 br i1 %27, label %51, label %30 %31 = phi i32 [ %50, %28 ], [ 0, %1 ] %33 = sext i32 %31 to i64 %34 = getelementptr i32, i32* %20, i64 %33 %35 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %34, i64 4, i64 %32) #6, !srcloc !4 %36 = extractvalue { i32*, i64, i64 } %35, 0 %37 = extractvalue { i32*, i64, i64 } %35, 2 %38 = ptrtoint i32* %36 to i64 %39 = and i64 %38, 4294967295 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %54, !prof !5, !misexpect !6 %42 = extractvalue { i32*, i64, i64 } %35, 1 %43 = and i64 %42, 4294967295 %44 = inttoptr i64 %43 to i8* %45 = getelementptr i8*, i8** %26, i64 %33 %46 = tail call i8* asm sideeffect "call __put_user_8", "={ax},0,{cx},~{ebx},~{dirflag},~{fpsr},~{flags}"(i8* %44, i8** %45) #6, !srcloc !7 %47 = ptrtoint i8* %46 to i64 %48 = and i64 %47, 4294967295 %49 = icmp eq i64 %48, 0 %50 = add nuw i32 %31, 1 br i1 %49, label %28, label %54, !prof !5, !misexpect !6 %29 = icmp eq i32 %50, %19 br i1 %29, label %51, label %30 %52 = tail call fastcc i32 @kernel_move_pages(i32 %18, i64 %6, i8** %26, i32* %21, i32* %22, i32 %23) #69 Function:kernel_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.list_head, align 8 %11 = and i32 %5, -7 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %428 %14 = and i32 %5, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %0, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __ia32_sys_move_pages ------------- Path:  Function:__ia32_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = and i64 %14, 4294967295 %16 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %17 = load i64, i64* %16, align 8 %18 = trunc i64 %3 to i32 %19 = inttoptr i64 %9 to i8** %20 = inttoptr i64 %12 to i32* %21 = inttoptr i64 %15 to i32* %22 = trunc i64 %17 to i32 %23 = tail call fastcc i32 @kernel_move_pages(i32 %18, i64 %6, i8** %19, i32* %20, i32* %21, i32 %22) #69 Function:kernel_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.list_head, align 8 %11 = and i32 %5, -7 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %428 %14 = and i32 %5, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %0, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_move_pages 1 __x64_sys_move_pages ------------- Path:  Function:__x64_sys_move_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i8*** %8 = load i8**, i8*** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i32** %11 = load i32*, i32** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = bitcast i64* %12 to i32** %14 = load i32*, i32** %13, align 8 %15 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 8 %16 = load i64, i64* %15, align 8 %17 = trunc i64 %3 to i32 %18 = trunc i64 %16 to i32 %19 = tail call fastcc i32 @kernel_move_pages(i32 %17, i64 %5, i8** %8, i32* %11, i32* %14, i32 %18) #69 Function:kernel_move_pages %7 = alloca [16 x i8*], align 16 %8 = alloca [16 x i32], align 16 %9 = alloca %struct.cpumask, align 8 %10 = alloca %struct.list_head, align 8 %11 = and i32 %5, -7 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %428 %14 = and i32 %5, 4 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %0, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __ia32_compat_sys_migrate_pages ------------- Path:  Function:__ia32_compat_sys_migrate_pages %2 = alloca %struct.cpumask, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %4 to i32 %14 = inttoptr i64 %12 to i32* %15 = bitcast %struct.cpumask* %2 to i8* %16 = add i64 %6, 4294967295 %17 = and i64 %16, 4294967295 %18 = icmp ult i64 %17, 64 %19 = select i1 %18, i64 %17, i64 64 %20 = add nuw nsw i64 %19, 63 %21 = lshr i64 %20, 3 %22 = and i64 %21, 24 %23 = icmp eq i64 %9, 0 br i1 %23, label %41, label %24 %25 = inttoptr i64 %9 to i32* %26 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %27 = call i64 @compat_get_bitmap(i64* nonnull %26, i32* nonnull %25, i64 %19) #69 %28 = icmp eq i64 %27, 0 br i1 %28, label %29, label %64 %30 = icmp eq i64 %12, 0 %31 = xor i1 %30, true %32 = zext i1 %31 to i64 %33 = shl nuw nsw i64 %22, %32 %34 = call i8* @compat_alloc_user_space(i64 %33) #69 %35 = bitcast i8* %34 to i64* %36 = lshr i64 %20, 6 %37 = getelementptr i64, i64* %35, i64 %36 %38 = select i1 %30, i64* null, i64* %37 %39 = call i64 @_copy_to_user(i8* %34, i8* nonnull %15, i64 %22) #69 %40 = icmp eq i64 %39, 0 br i1 %40, label %41, label %64 %42 = phi i64* [ %38, %29 ], [ null, %1 ] %43 = phi i64* [ %35, %29 ], [ null, %1 ] %44 = icmp eq i64 %12, 0 br i1 %44, label %59, label %45 %46 = getelementptr inbounds %struct.cpumask, %struct.cpumask* %2, i64 0, i32 0, i64 0 %47 = call i64 @compat_get_bitmap(i64* nonnull %46, i32* nonnull %14, i64 %19) #69 %48 = icmp eq i64 %47, 0 br i1 %48, label %49, label %64 %50 = icmp eq i64* %42, null br i1 %50, label %51, label %54 %52 = call i8* @compat_alloc_user_space(i64 %22) #69 %53 = bitcast i8* %52 to i64* br label %54 %55 = phi i64* [ %53, %51 ], [ %42, %49 ] %56 = bitcast i64* %55 to i8* %57 = call i64 @_copy_to_user(i8* %56, i8* nonnull %15, i64 %22) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %59, label %64 %60 = phi i64* [ %55, %54 ], [ %42, %41 ] %61 = add nuw nsw i64 %19, 1 %62 = call fastcc i32 @kernel_migrate_pages(i32 %13, i64 %61, i64* %43, i64* %60) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %81 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __ia32_sys_migrate_pages ------------- Path:  Function:__ia32_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %3 to i32 %14 = inttoptr i64 %9 to i64* %15 = inttoptr i64 %12 to i64* %16 = tail call fastcc i32 @kernel_migrate_pages(i32 %13, i64 %6, i64* %14, i64* %15) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %81 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 kernel_migrate_pages 1 __x64_sys_migrate_pages ------------- Path:  Function:__x64_sys_migrate_pages %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = bitcast i64* %6 to i64** %8 = load i64*, i64** %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i64** %11 = load i64*, i64** %10, align 8 %12 = trunc i64 %3 to i32 %13 = tail call fastcc i32 @kernel_migrate_pages(i32 %12, i64 %5, i64* %8, i64* %11) #69 Function:kernel_migrate_pages %5 = alloca %struct.nodemask_scratch, align 8 %6 = bitcast %struct.nodemask_scratch* %5 to i8* %7 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 0 %8 = getelementptr inbounds %struct.nodemask_scratch, %struct.nodemask_scratch* %5, i64 0, i32 1 %9 = call fastcc i32 @get_nodes(%struct.cpumask* nonnull %7, i64* %2, i64 %1) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %11, label %81 %12 = call fastcc i32 @get_nodes(%struct.cpumask* %8, i64* %3, i64 %1) #69 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %0) #70 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __ia32_sys_ioprio_set ------------- Path:  Function:__ia32_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = ashr i32 %6, 13 %8 = and i32 %6, 8191 switch i32 %7, label %237 [ i32 1, label %9 i32 2, label %11 i32 3, label %15 i32 0, label %13 ] %14 = icmp eq i32 %8, 0 br i1 %14, label %15, label %237 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %235 [ i32 1, label %16 i32 2, label %54 i32 3, label %141 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %18, label %20 %21 = tail call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_set 1 __x64_sys_ioprio_set ------------- Path:  Function:__x64_sys_ioprio_set %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_ioprio_set(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_ioprio_set %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = ashr i32 %6, 13 %8 = and i32 %6, 8191 switch i32 %7, label %237 [ i32 1, label %9 i32 2, label %11 i32 3, label %15 i32 0, label %13 ] %14 = icmp eq i32 %8, 0 br i1 %14, label %15, label %237 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %4, label %235 [ i32 1, label %16 i32 2, label %54 i32 3, label %141 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %18, label %20 %21 = tail call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __ia32_sys_ioprio_get ------------- Path:  Function:__ia32_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %4, i64 %7) #69 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %223 [ i32 1, label %5 i32 2, label %30 i32 3, label %124 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %9 %10 = tail call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_ioprio_get 1 __x64_sys_ioprio_get ------------- Path:  Function:__x64_sys_ioprio_get %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_ioprio_get(i64 %3, i64 %5) #69 Function:__se_sys_ioprio_get %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 switch i32 %3, label %223 [ i32 1, label %5 i32 2, label %30 i32 3, label %124 ] %6 = icmp eq i32 %4, 0 br i1 %6, label %7, label %9 %10 = tail call %struct.task_struct.112690* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.112690* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_get_robust_list ------------- Path:  Function:__x64_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.robust_list_head*** %6 = load %struct.robust_list_head**, %struct.robust_list_head*** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i64** %9 = load i64*, i64** %8, align 8 %10 = trunc i64 %3 to i32 %11 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %11, label %12, label %35 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %13 = icmp eq i32 %10, 0 br i1 %13, label %14, label %16 %17 = tail call %struct.task_struct.83941* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.83941* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_get_robust_list ------------- Path:  Function:__ia32_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to %struct.robust_list_head** %12 = inttoptr i64 %9 to i64* %13 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %13, label %14, label %37 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %10, 0 br i1 %15, label %16, label %18 %19 = tail call %struct.task_struct.83941* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.83941* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_get_robust_list ------------- Path:  Function:__ia32_compat_sys_get_robust_list %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %3 to i32 %11 = inttoptr i64 %6 to i32* %12 = inttoptr i64 %9 to i32* %13 = load i1, i1* @futex_cmpxchg_enabled, align 4 br i1 %13, label %14, label %36 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %10, 0 br i1 %15, label %16, label %18 %19 = tail call %struct.task_struct.83941* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.83941* (i32)*)(i32 %10) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __ia32_sys_sched_setattr ------------- Path:  Function:__ia32_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %84 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_setattr 1 __x64_sys_sched_setattr ------------- Path:  Function:__x64_sys_sched_setattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_setattr(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_setattr %4 = alloca %struct.sched_attr, align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %2 to i32 %7 = bitcast %struct.sched_attr* %4 to i8* %8 = icmp eq i64 %1, 0 %9 = icmp slt i32 %5, 0 %10 = or i1 %9, %8 %11 = icmp ne i32 %6, 0 %12 = or i1 %10, %11 br i1 %12, label %114, label %13 %14 = inttoptr i64 %1 to %struct.sched_attr* %16 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %14, i64 0, i32 0 %17 = tail call { i32*, i64, i64 } asm sideeffect "call __get_user_${4:P}", "={ax},={rdx},={rsp},0,i,2,~{dirflag},~{fpsr},~{flags}"(i32* %16, i64 4, i64 %15) #6, !srcloc !4 %18 = extractvalue { i32*, i64, i64 } %17, 0 %19 = extractvalue { i32*, i64, i64 } %17, 1 %20 = extractvalue { i32*, i64, i64 } %17, 2 %21 = ptrtoint i32* %18 to i64 %22 = trunc i64 %21 to i32 %23 = trunc i64 %19 to i32 %24 = icmp eq i32 %22, 0 br i1 %24, label %25, label %62 %26 = icmp eq i32 %23, 0 %27 = select i1 %26, i32 48, i32 %23 %28 = add i32 %27, -48 %29 = icmp ugt i32 %28, 4048 br i1 %29, label %60, label %30 %31 = inttoptr i64 %1 to i8* %32 = icmp ult i32 %27, 56 %33 = select i1 %32, i32 %27, i32 56 %34 = zext i32 %33 to i64 %35 = select i1 %32, i32 56, i32 %27 %36 = sub nuw nsw i32 %35, %33 %37 = zext i32 %36 to i64 br i1 %32, label %38, label %40 %41 = icmp eq i32 %27, 56 br i1 %41, label %48, label %42 %43 = getelementptr i8, i8* %31, i64 %34 %44 = tail call i32 @check_zeroed_user(i8* %43, i64 %37) #69 %45 = icmp sgt i32 %44, 0 %46 = icmp eq i32 %44, 0 %47 = select i1 %46, i32 -7, i32 %44 br i1 %45, label %48, label %51 %49 = call i64 @_copy_from_user(i8* nonnull %7, i8* %31, i64 %34) #69 %50 = icmp eq i64 %49, 0 br i1 %50, label %54, label %62 %55 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 2 %56 = load i64, i64* %55, align 8 %57 = and i64 %56, 96 %58 = icmp ne i64 %57, 0 %59 = and i1 %32, %58 br i1 %59, label %62, label %65 %66 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 3 %67 = load i32, i32* %66, align 8 %68 = getelementptr inbounds %struct.sched_attr, %struct.sched_attr* %4, i64 0, i32 1 %69 = load i32, i32* %68, align 4 %70 = icmp slt i32 %69, 0 %71 = and i64 %56, 8 %72 = icmp sgt i32 %67, -20 br i1 %72, label %73, label %75 %74 = icmp slt i32 %67, 19 br i1 %74, label %75, label %77 store i32 19, i32* %66, align 8 br i1 %70, label %114, label %78 %79 = icmp eq i64 %71, 0 br i1 %79, label %81, label %80 store i32 -1, i32* %68, align 4 br label %81 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %82 = icmp eq i32 %5, 0 br i1 %82, label %85, label %83 %84 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getscheduler ------------- Path:  Function:__ia32_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getscheduler ------------- Path:  Function:__x64_sys_sched_getscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %30, label %6 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %4, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_sched_getparam ------------- Path:  Function:__x64_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.kuid_t* %2 to i8* %9 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %9, align 4 %10 = icmp eq i64 %6, 0 %11 = icmp slt i32 %7, 0 %12 = or i1 %11, %10 br i1 %12, label %41, label %13 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %14 = icmp eq i32 %7, 0 br i1 %14, label %17, label %15 %16 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_sched_getparam ------------- Path:  Function:__ia32_sys_sched_getparam %2 = alloca %struct.kuid_t, align 4 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.kuid_t* %2 to i8* %10 = getelementptr inbounds %struct.kuid_t, %struct.kuid_t* %2, i64 0, i32 0 store i32 0, i32* %10, align 4 %11 = icmp eq i64 %7, 0 %12 = icmp slt i32 %8, 0 %13 = or i1 %12, %11 br i1 %13, label %42, label %14 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %8, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setparam ------------- Path:  Function:__ia32_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = trunc i64 %3 to i32 %8 = inttoptr i64 %6 to %struct.kuid_t* %9 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %8) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setparam ------------- Path:  Function:__x64_sys_sched_setparam %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to %struct.kuid_t** %6 = load %struct.kuid_t*, %struct.kuid_t** %5, align 8 %7 = trunc i64 %3 to i32 %8 = tail call fastcc i32 @do_sched_setscheduler(i32 %7, i32 -1, %struct.kuid_t* %6) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __ia32_sys_sched_setscheduler ------------- Path:  Function:__ia32_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %16, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %11 = load i64, i64* %10, align 8 %12 = inttoptr i64 %9 to %struct.kuid_t* %13 = trunc i64 %11 to i32 %14 = tail call fastcc i32 @do_sched_setscheduler(i32 %13, i32 %4, %struct.kuid_t* %12) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_sched_setscheduler 1 __x64_sys_sched_setscheduler ------------- Path:  Function:__x64_sys_sched_setscheduler %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 0 br i1 %5, label %15, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to %struct.kuid_t** %9 = load %struct.kuid_t*, %struct.kuid_t** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %11 to i32 %13 = tail call fastcc i32 @do_sched_setscheduler(i32 %12, i32 %4, %struct.kuid_t* %9) #69 Function:do_sched_setscheduler %4 = alloca %struct.sched_attr, align 8 %5 = alloca %struct.kuid_t, align 4 %6 = bitcast %struct.kuid_t* %5 to i8* %7 = icmp eq %struct.kuid_t* %2, null %8 = icmp slt i32 %0, 0 %9 = or i1 %8, %7 br i1 %9, label %62, label %10 %11 = bitcast %struct.kuid_t* %2 to i8* %12 = call i64 @_copy_from_user(i8* nonnull %6, i8* %11, i64 4) #69 %13 = icmp eq i64 %12, 0 br i1 %13, label %14, label %62 call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %0, 0 br i1 %15, label %18, label %16 %17 = call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __ia32_sys_sched_getattr ------------- Path:  Function:__ia32_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %76, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getattr 1 __x64_sys_sched_getattr ------------- Path:  Function:__x64_sys_sched_getattr %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_sched_getattr(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_sched_getattr %5 = alloca %struct.sched_attr, align 8 %6 = trunc i64 %0 to i32 %7 = trunc i64 %2 to i32 %8 = bitcast %struct.sched_attr* %5 to i8* %9 = icmp eq i64 %1, 0 %10 = icmp slt i32 %6, 0 %11 = or i1 %10, %9 br i1 %11, label %76, label %12 %13 = trunc i64 %3 to i32 %14 = add i32 %7, -48 %15 = icmp ugt i32 %14, 4048 %16 = icmp ne i32 %13, 0 %17 = or i1 %15, %16 br i1 %17, label %76, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %19 = icmp eq i32 %6, 0 br i1 %19, label %22, label %20 %21 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_compat_sys_sched_setaffinity ------------- Path:  Function:__ia32_compat_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i32* %13 = bitcast [1 x %struct.cpumask]* %2 to i8* %14 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %15 = icmp ult i32 %11, 8 br i1 %15, label %16, label %20 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 %18 = shl i64 %6, 3 %19 = and i64 %18, 4294967288 br label %20 %21 = phi i64 [ %19, %16 ], [ 64, %1 ] %22 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 %23 = call i64 @compat_get_bitmap(i64* nonnull %22, i32* %12, i64 %21) #69 %24 = trunc i64 %23 to i32 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %28 %27 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %14) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __ia32_sys_sched_setaffinity ------------- Path:  Function:__ia32_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = and i64 %6, 4294967295 %17 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %17, align 8 br label %18 %19 = phi i64 [ %16, %15 ], [ 8, %1 ] %20 = inttoptr i64 %9 to i8* %21 = call i64 @_copy_from_user(i8* nonnull %12, i8* %20, i64 %19) #69 %22 = icmp eq i64 %21, 0 br i1 %22, label %23, label %27 %24 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_setaffinity 1 __x64_sys_sched_setaffinity ------------- Path:  Function:__x64_sys_sched_setaffinity %2 = alloca [1 x %struct.cpumask], align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %6 to i32 %12 = bitcast [1 x %struct.cpumask]* %2 to i8* %13 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0 %14 = icmp ult i32 %11, 8 br i1 %14, label %15, label %18 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %2, i64 0, i64 0, i32 0, i64 0 store i64 0, i64* %16, align 8 %17 = and i64 %6, 4294967295 br label %18 %19 = phi i64 [ %17, %15 ], [ 8, %1 ] %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* %9, i64 %19) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %26 %23 = call i64 @sched_setaffinity(i32 %10, %struct.cpumask* nonnull %13) #69 Function:sched_setaffinity %3 = alloca [1 x %struct.cpumask], align 8 %4 = alloca [1 x %struct.cpumask], align 8 %5 = bitcast [1 x %struct.cpumask]* %3 to i8* %6 = bitcast [1 x %struct.cpumask]* %4 to i8* tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %7 = icmp eq i32 %0, 0 br i1 %7, label %10, label %8 %9 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_getaffinity 1 __se_compat_sys_sched_getaffinity 2 __ia32_compat_sys_sched_getaffinity ------------- Path:  Function:__ia32_compat_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_compat_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_compat_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %1 to i32 %6 = inttoptr i64 %2 to i32* %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %5, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %5, 3 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %67 %15 = trunc i64 %0 to i32 %16 = getelementptr inbounds [1 x %struct.cpumask], [1 x %struct.cpumask]* %4, i64 0, i64 0 %17 = call i64 @sched_getaffinity(i32 %15, %struct.cpumask* nonnull %16) #69 Function:sched_getaffinity tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %3 = icmp eq i32 %0, 0 br i1 %3, label %6, label %4 %5 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __ia32_sys_sched_getaffinity ------------- Path:  Function:__ia32_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_sched_getaffinity 1 __x64_sys_sched_getaffinity ------------- Path:  Function:__x64_sys_sched_getaffinity %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_sched_getaffinity(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_sched_getaffinity %4 = alloca [1 x %struct.cpumask], align 8 %5 = trunc i64 %0 to i32 %6 = trunc i64 %1 to i32 %7 = bitcast [1 x %struct.cpumask]* %4 to i8* %8 = shl i32 %6, 3 %9 = load i32, i32* @nr_cpu_ids, align 4 %10 = icmp uge i32 %8, %9 %11 = and i32 %6, 7 %12 = icmp eq i32 %11, 0 %13 = and i1 %12, %10 br i1 %13, label %14, label %46 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %15 = icmp eq i32 %5, 0 br i1 %15, label %18, label %16 %17 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__ia32_sys_sched_rr_get_interval_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.54* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval_time32 ------------- Path:  Function:__x64_sys_sched_rr_get_interval_time32 %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.54* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __ia32_sys_sched_rr_get_interval ------------- Path:  Function:__ia32_sys_sched_rr_get_interval %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.anon.54* %2 to i8* %9 = call fastcc i32 @sched_rr_get_interval(i32 %7, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 sched_rr_get_interval 1 __x64_sys_sched_rr_get_interval ------------- Path:  Function:__x64_sys_sched_rr_get_interval %2 = alloca %struct.anon.54, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.anon.54** %7 = load %struct.anon.54*, %struct.anon.54** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.anon.54* %2 to i8* %10 = call fastcc i32 @sched_rr_get_interval(i32 %8, %struct.anon.54* nonnull %2) #69 Function:sched_rr_get_interval %3 = icmp slt i32 %0, 0 br i1 %3, label %62, label %4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %0, 0 br i1 %5, label %8, label %6 %7 = tail call %struct.task_struct.54204* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.54204* (i32)*)(i32 %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __ia32_sys_prlimit64 ------------- Path:  Function:__ia32_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_prlimit64(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_prlimit64 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.anon.54* %5 to i8* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = bitcast %struct.anon.54* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_prlimit64 1 __x64_sys_prlimit64 ------------- Path:  Function:__x64_sys_prlimit64 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_prlimit64(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_prlimit64 %5 = alloca %struct.anon.54, align 8 %6 = alloca %struct.anon.54, align 8 %7 = alloca %struct.anon.54, align 8 %8 = alloca %struct.anon.54, align 8 %9 = trunc i64 %0 to i32 %10 = trunc i64 %1 to i32 %11 = bitcast %struct.anon.54* %5 to i8* %12 = bitcast %struct.anon.54* %6 to i8* %13 = bitcast %struct.anon.54* %7 to i8* %14 = bitcast %struct.anon.54* %8 to i8* %15 = icmp ne i64 %3, 0 %16 = zext i1 %15 to i32 %17 = icmp eq i64 %2, 0 br i1 %17, label %30, label %18 %19 = inttoptr i64 %2 to i8* %20 = call i64 @_copy_from_user(i8* nonnull %12, i8* nonnull %19, i64 16) #69 %21 = icmp eq i64 %20, 0 br i1 %21, label %22, label %128 %23 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 0 %24 = load i64, i64* %23, align 8 %25 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 0 store i64 %24, i64* %25, align 8 %26 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %6, i64 0, i32 1 %27 = load i64, i64* %26, align 8 %28 = getelementptr inbounds %struct.anon.54, %struct.anon.54* %8, i64 0, i32 1 store i64 %27, i64* %28, align 8 %29 = or i32 %16, 2 br label %30 %31 = phi i32 [ %29, %22 ], [ %16, %4 ] call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %32 = icmp eq i32 %9, 0 br i1 %32, label %35, label %33 %34 = call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __ia32_sys_getpriority ------------- Path:  Function:__ia32_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_getpriority(i64 %4, i64 %7) #69 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %5, i64 0, i32 78 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = icmp ugt i32 %3, 2 br i1 %8, label %158, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %3, label %155 [ i32 0, label %10 i32 1, label %25 i32 2, label %86 ] %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_getpriority 1 __x64_sys_getpriority ------------- Path:  Function:__x64_sys_getpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_getpriority(i64 %3, i64 %5) #69 Function:__se_sys_getpriority %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %5, i64 0, i32 78 %7 = load %struct.cred*, %struct.cred** %6, align 64 %8 = icmp ugt i32 %3, 2 br i1 %8, label %158, label %9 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %3, label %155 [ i32 0, label %10 i32 1, label %25 i32 2, label %86 ] %11 = icmp eq i32 %4, 0 br i1 %11, label %14, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getsid ------------- Path:  Function:__x64_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_getpgid ------------- Path:  Function:__x64_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getsid ------------- Path:  Function:__ia32_sys_getsid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __ia32_sys_tkill ------------- Path:  Function:__ia32_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %12, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = tail call fastcc i32 @do_tkill(i32 0, i32 %4, i32 %9) #69 Function:do_tkill %4 = alloca %struct.kernel_siginfo, align 8 %5 = bitcast %struct.kernel_siginfo* %4 to i8* %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %9, i32 1, %struct.pid_namespace.42859* null) #69 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 78 %13 = load %struct.cred*, %struct.cred** %12, align 64 %14 = getelementptr inbounds %struct.cred, %struct.cred* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __x64_sys_tkill ------------- Path:  Function:__x64_sys_tkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 %5 = icmp slt i32 %4, 1 br i1 %5, label %12, label %6 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %8 to i32 %10 = tail call fastcc i32 @do_tkill(i32 0, i32 %4, i32 %9) #69 Function:do_tkill %4 = alloca %struct.kernel_siginfo, align 8 %5 = bitcast %struct.kernel_siginfo* %4 to i8* %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %9, i32 1, %struct.pid_namespace.42859* null) #69 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 78 %13 = load %struct.cred*, %struct.cred** %12, align 64 %14 = getelementptr inbounds %struct.cred, %struct.cred* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __ia32_sys_tgkill ------------- Path:  Function:__ia32_sys_tgkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp slt i32 %7, 1 %9 = icmp slt i32 %6, 1 %10 = or i1 %9, %8 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %13 to i32 %15 = tail call fastcc i32 @do_tkill(i32 %6, i32 %7, i32 %14) #69 Function:do_tkill %4 = alloca %struct.kernel_siginfo, align 8 %5 = bitcast %struct.kernel_siginfo* %4 to i8* %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %9, i32 1, %struct.pid_namespace.42859* null) #69 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 78 %13 = load %struct.cred*, %struct.cred** %12, align 64 %14 = getelementptr inbounds %struct.cred, %struct.cred* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_tkill 1 __x64_sys_tgkill ------------- Path:  Function:__x64_sys_tgkill %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = trunc i64 %3 to i32 %7 = trunc i64 %5 to i32 %8 = icmp slt i32 %7, 1 %9 = icmp slt i32 %6, 1 %10 = or i1 %9, %8 br i1 %10, label %17, label %11 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %13 to i32 %15 = tail call fastcc i32 @do_tkill(i32 %6, i32 %7, i32 %14) #69 Function:do_tkill %4 = alloca %struct.kernel_siginfo, align 8 %5 = bitcast %struct.kernel_siginfo* %4 to i8* %6 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 0 store i32 %2, i32* %6, align 8 %7 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 1 store i32 0, i32* %7, align 4 %8 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 2 store i32 -6, i32* %8, align 8 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %9, i32 1, %struct.pid_namespace.42859* null) #69 %11 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 0 store i32 %10, i32* %11, align 8 %12 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 78 %13 = load %struct.cred*, %struct.cred** %12, align 64 %14 = getelementptr inbounds %struct.cred, %struct.cred* %13, i64 0, i32 1, i32 0 %15 = load i32, i32* %14, align 4 %16 = icmp eq i32 %15, -1 %17 = load i32, i32* @overflowuid, align 4 %18 = select i1 %16, i32 %17, i32 %15 %19 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %4, i64 0, i32 0, i32 3, i32 0, i32 1 store i32 %18, i32* %19, align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %20 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __ia32_compat_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_compat_sys_rt_tgsigqueueinfo %2 = alloca %struct.compat_siginfo, align 4 %3 = alloca %struct.kernel_siginfo, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = trunc i64 %9 to i32 %14 = bitcast %struct.kernel_siginfo* %3 to i8* %15 = bitcast %struct.compat_siginfo* %2 to i8* %16 = inttoptr i64 %12 to i8* %17 = call i64 @_copy_from_user(i8* nonnull %15, i8* %16, i64 128) #69 %18 = icmp eq i64 %17, 0 br i1 %18, label %20, label %19 %21 = trunc i64 %7 to i32 %22 = trunc i64 %5 to i32 %23 = getelementptr inbounds %struct.compat_siginfo, %struct.compat_siginfo* %2, i64 0, i32 0 store i32 %13, i32* %23, align 4 call fastcc void @post_copy_siginfo_from_user32(%struct.kernel_siginfo* nonnull %3, %struct.compat_siginfo* nonnull %2) #69 %24 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %22, i32 %21, i32 %13, %struct.kernel_siginfo* nonnull %3) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 br i1 %7, label %58, label %8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __se_sys_rt_tgsigqueueinfo 2 __ia32_sys_rt_tgsigqueueinfo ------------- Path:  Function:__ia32_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %4, i64 %7, i64 %10, i64 %13) #69 Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %62 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #69 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %81, %80 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %65, label %57 %66 = add nuw nsw i64 %53, 2 %67 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %66 %68 = load i8, i8* %67, align 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %57 %71 = add nuw nsw i64 %53, 3 %72 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %71 %73 = load i8, i8* %72, align 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %75, label %57 %76 = add nuw nsw i64 %53, 4 %77 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %76 %78 = load i8, i8* %77, align 1 %79 = icmp eq i8 %78, 0 br i1 %79, label %80, label %57 %81 = add nuw nsw i64 %53, 5 %82 = icmp eq i64 %81, 80 br i1 %82, label %59, label %52 br label %60 %61 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 br i1 %7, label %58, label %8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rt_tgsigqueueinfo 1 __se_sys_rt_tgsigqueueinfo 2 __x64_sys_rt_tgsigqueueinfo ------------- Path:  Function:__x64_sys_rt_tgsigqueueinfo %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = tail call fastcc i64 @__se_sys_rt_tgsigqueueinfo(i64 %3, i64 %5, i64 %7, i64 %9) #69 Function:__se_sys_rt_tgsigqueueinfo %5 = alloca [80 x i8], align 16 %6 = alloca %struct.kernel_siginfo, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = trunc i64 %2 to i32 %10 = inttoptr i64 %3 to %struct.siginfo* %11 = bitcast %struct.kernel_siginfo* %6 to i8* %12 = inttoptr i64 %3 to i8* %13 = call i64 @_copy_from_user(i8* nonnull %11, i8* %12, i64 48) #69 %14 = icmp eq i64 %13, 0 br i1 %14, label %15, label %62 %16 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 0 store i32 %9, i32* %16, align 8 %17 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %6, i64 0, i32 0, i32 2 %18 = load i32, i32* %17, align 8 %19 = icmp eq i32 %18, 128 br i1 %19, label %60, label %20 %21 = icmp sgt i32 %18, 0 br i1 %21, label %22, label %38 %39 = icmp sgt i32 %18, -8 %40 = icmp eq i32 %18, -60 %41 = or i1 %39, %40 br i1 %41, label %60, label %42 %43 = getelementptr %struct.siginfo, %struct.siginfo* %10, i64 0, i32 0, i32 1, i64 0 %44 = getelementptr inbounds [80 x i8], [80 x i8]* %5, i64 0, i64 0 %45 = call i64 @_copy_from_user(i8* nonnull %44, i8* %43, i64 80) #69 %46 = icmp eq i64 %45, 0 br i1 %46, label %52, label %57 %53 = phi i64 [ %81, %80 ], [ 0, %42 ] %54 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %53 %55 = load i8, i8* %54, align 1 %56 = icmp eq i8 %55, 0 br i1 %56, label %47, label %57 %48 = add nuw nsw i64 %53, 1 %49 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %48 %50 = load i8, i8* %49, align 1 %51 = icmp eq i8 %50, 0 br i1 %51, label %65, label %57 %66 = add nuw nsw i64 %53, 2 %67 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %66 %68 = load i8, i8* %67, align 1 %69 = icmp eq i8 %68, 0 br i1 %69, label %70, label %57 %71 = add nuw nsw i64 %53, 3 %72 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %71 %73 = load i8, i8* %72, align 1 %74 = icmp eq i8 %73, 0 br i1 %74, label %75, label %57 %76 = add nuw nsw i64 %53, 4 %77 = getelementptr [80 x i8], [80 x i8]* %5, i64 0, i64 %76 %78 = load i8, i8* %77, align 1 %79 = icmp eq i8 %78, 0 br i1 %79, label %80, label %57 %81 = add nuw nsw i64 %53, 5 %82 = icmp eq i64 %81, 80 br i1 %82, label %59, label %52 br label %60 %61 = call fastcc i32 @do_rt_tgsigqueueinfo(i32 %7, i32 %8, i32 %9, %struct.kernel_siginfo* nonnull %6) #69 Function:do_rt_tgsigqueueinfo %5 = icmp slt i32 %1, 1 %6 = icmp slt i32 %0, 1 %7 = or i1 %6, %5 br i1 %7, label %58, label %8 %9 = getelementptr inbounds %struct.kernel_siginfo, %struct.kernel_siginfo* %3, i64 0, i32 0, i32 2 %10 = load i32, i32* %9, align 8 %11 = icmp sgt i32 %10, -1 %12 = icmp eq i32 %10, -6 %13 = or i1 %11, %12 br i1 %13, label %14, label %18 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 %19 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __ia32_sys_setpriority ------------- Path:  Function:__ia32_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = tail call fastcc i64 @__se_sys_setpriority(i64 %4, i64 %7, i64 %10) #69 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp ugt i32 %4, 2 br i1 %10, label %148, label %11 %12 = icmp sgt i32 %6, -20 %13 = select i1 %12, i32 %6, i32 -20 %14 = icmp slt i32 %13, 19 %15 = select i1 %14, i32 %13, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %4, label %145 [ i32 0, label %16 i32 1, label %25 i32 2, label %83 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %20, label %18 %19 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpriority 1 __x64_sys_setpriority ------------- Path:  Function:__x64_sys_setpriority %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = tail call fastcc i64 @__se_sys_setpriority(i64 %3, i64 %5, i64 %7) #69 Function:__se_sys_setpriority %4 = trunc i64 %0 to i32 %5 = trunc i64 %1 to i32 %6 = trunc i64 %2 to i32 %7 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %7, i64 0, i32 78 %9 = load %struct.cred*, %struct.cred** %8, align 64 %10 = icmp ugt i32 %4, 2 br i1 %10, label %148, label %11 %12 = icmp sgt i32 %6, -20 %13 = select i1 %12, i32 %6, i32 -20 %14 = icmp slt i32 %13, 19 %15 = select i1 %14, i32 %13, i32 19 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_read_lock(%struct.rwlock_t* nonnull @tasklist_lock) #69 switch i32 %4, label %145 [ i32 0, label %16 i32 1, label %25 i32 2, label %83 ] %17 = icmp eq i32 %5, 0 br i1 %17, label %20, label %18 %19 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __ia32_sys_setpgid ------------- Path:  Function:__ia32_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_setpgid(i64 %4, i64 %7) #69 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %5, i64 0, i32 55 %7 = load %struct.task_struct.43108*, %struct.task_struct.43108** %6, align 8 %8 = icmp eq i32 %3, 0 br i1 %8, label %9, label %11 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %7, i32 0, %struct.pid_namespace.42859* null) #69 br label %11 %12 = phi i32 [ %3, %2 ], [ %10, %9 ] %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i32 %12, i32 %4 %15 = icmp slt i32 %14, 0 br i1 %15, label %82, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %17 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_setpgid 1 __x64_sys_setpgid ------------- Path:  Function:__x64_sys_setpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_setpgid(i64 %3, i64 %5) #69 Function:__se_sys_setpgid %3 = trunc i64 %0 to i32 %4 = trunc i64 %1 to i32 %5 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !4 %6 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %5, i64 0, i32 55 %7 = load %struct.task_struct.43108*, %struct.task_struct.43108** %6, align 8 %8 = icmp eq i32 %3, 0 br i1 %8, label %9, label %11 %10 = tail call i32 bitcast (i32 (%struct.task_struct.50083*, i32, %struct.pid_namespace.50085*)* @__task_pid_nr_ns to i32 (%struct.task_struct.43108*, i32, %struct.pid_namespace.42859*)*)(%struct.task_struct.43108* %7, i32 0, %struct.pid_namespace.42859* null) #69 br label %11 %12 = phi i32 [ %3, %2 ], [ %10, %9 ] %13 = icmp eq i32 %4, 0 %14 = select i1 %13, i32 %12, i32 %4 %15 = icmp slt i32 %14, 0 br i1 %15, label %82, label %16 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void @_raw_write_lock_irq(%struct.rwlock_t* nonnull @tasklist_lock) #69 %17 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %12) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_getpgid ------------- Path:  Function:__ia32_sys_getpgid %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = trunc i64 %3 to i32 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %5 = icmp eq i32 %4, 0 br i1 %5, label %6, label %12 %13 = tail call %struct.task_struct.43108* bitcast (%struct.task_struct.50083* (i32)* @find_task_by_vpid to %struct.task_struct.43108* (i32)*)(i32 %4) #69 ------------- Good: 9 Bad: 54 Ignored: 21 Check Use of Function:vfs_path_lookup Check Use of Function:do_move_mount Check Use of Function:may_open Check Use of Function:mmc_ioctl_cdrom_volume Check Use of Function:cgroup_kn_lock_live Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_procs_write ------------- Path:  Function:cgroup1_procs_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.88834* %0, i8* %1, i64 %2, i1 zeroext true) #69 Function:__cgroup1_procs_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file.88834, %struct.kernfs_open_file.88834* %0, i64 0, i32 0 %7 = load %struct.kernfs_node.88840*, %struct.kernfs_node.88840** %6, align 8 %8 = tail call %struct.cgroup.88849* bitcast (%struct.cgroup.87854* (%struct.kernfs_node.87605*, i1)* @cgroup_kn_lock_live to %struct.cgroup.88849* (%struct.kernfs_node.88840*, i1)*)(%struct.kernfs_node.88840* %7, i1 zeroext false) #69 ------------- Use: =BAD PATH= Call Stack: 0 __cgroup1_procs_write 1 cgroup1_tasks_write ------------- Path:  Function:cgroup1_tasks_write %5 = tail call fastcc i64 @__cgroup1_procs_write(%struct.kernfs_open_file.88834* %0, i8* %1, i64 %2, i1 zeroext false) #69 Function:__cgroup1_procs_write %5 = alloca i8, align 1 %6 = getelementptr inbounds %struct.kernfs_open_file.88834, %struct.kernfs_open_file.88834* %0, i64 0, i32 0 %7 = load %struct.kernfs_node.88840*, %struct.kernfs_node.88840** %6, align 8 %8 = tail call %struct.cgroup.88849* bitcast (%struct.cgroup.87854* (%struct.kernfs_node.87605*, i1)* @cgroup_kn_lock_live to %struct.cgroup.88849* (%struct.kernfs_node.88840*, i1)*)(%struct.kernfs_node.88840* %7, i1 zeroext false) #69 ------------- Good: 1 Bad: 2 Ignored: 15 Check Use of Function:msdos_create Check Use of Function:dev_add_pack Check Use of Function:security_inode_unlink Check Use of Function:drm_gem_handle_create Check Use of Function:sd_config_write_same Check Use of Function:freeze_super Check Use of Function:put_mnt_ns Use: =BAD PATH= Call Stack: 0 mntns_put ------------- Path:  Function:mntns_put %2 = getelementptr %struct.ns_common.138681, %struct.ns_common.138681* %0, i64 -1, i32 2 %3 = bitcast i32* %2 to %struct.mnt_namespace.138601* tail call void @put_mnt_ns(%struct.mnt_namespace.138601* %3) #69 ------------- Good: 9 Bad: 1 Ignored: 3 Check Use of Function:vm_stat_account Check Use of Function:proc_sys_revalidate Check Use of Function:kernfs_dop_revalidate Check Use of Function:pid_revalidate Check Use of Function:vfat_revalidate Check Use of Function:_dev_notice Check Use of Function:security_inode_rename Check Use of Function:path_openat Check Use of Function:link_path_walk Check Use of Function:drm_master_open Check Use of Function:vfs_open Check Use of Function:terminate_walk Check Use of Function:security_locked_down Use: =BAD PATH= Call Stack: 0 pccard_store_cis ------------- Path:  Function:pccard_store_cis %7 = tail call i32 @security_locked_down(i32 10) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_write ------------- Path:  Function:proc_bus_pci_write %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = tail call i8* bitcast (i8* (%struct.inode.162997*)* @PDE_DATA to i8* (%struct.inode*)*)(%struct.inode* %6) #69 %8 = bitcast i8* %7 to %struct.pci_dev.296182* %9 = load i64, i64* %3, align 8 %10 = trunc i64 %9 to i32 %11 = getelementptr inbounds i8, i8* %7, i64 896 %12 = bitcast i8* %11 to i32* %13 = load i32, i32* %12, align 8 %14 = tail call i32 @security_locked_down(i32 6) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* bitcast (i8* (%struct.inode.162997*)* @PDE_DATA to i8* (%struct.inode*)*)(%struct.inode* %5) #69 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_bus_pci_ioctl ------------- Path:  Function:proc_bus_pci_ioctl %4 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %5 = load %struct.inode*, %struct.inode** %4, align 8 %6 = tail call i8* bitcast (i8* (%struct.inode.162997*)* @PDE_DATA to i8* (%struct.inode*)*)(%struct.inode* %5) #69 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 16 %8 = bitcast i8** %7 to %struct.util_est** %9 = load %struct.util_est*, %struct.util_est** %8, align 8 %10 = tail call i32 @security_locked_down(i32 6) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -3, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pci_dev.291277* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #69 ------------- Use: =BAD PATH= Call Stack: 0 pci_write_config ------------- Path:  Function:pci_write_config %7 = getelementptr %struct.kobject, %struct.kobject* %1, i64 -3, i32 1, i32 1 %8 = bitcast %struct.list_head** %7 to %struct.pci_dev.291277* %9 = trunc i64 %5 to i32 %10 = tail call i32 @security_locked_down(i32 6) #69 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %48 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %48, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %48 %38 = call i32 @security_locked_down(i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 msr_ioctl ------------- Path:  Function:msr_ioctl %4 = alloca [8 x i32], align 16 %5 = bitcast [8 x i32]* %4 to i8* %6 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %7 = load %struct.inode*, %struct.inode** %6, align 8 %8 = getelementptr inbounds %struct.inode, %struct.inode* %7, i64 0, i32 13 %9 = load i32, i32* %8, align 4 %10 = and i32 %9, 1048575 switch i32 %1, label %48 [ i32 -1071619168, label %11 i32 -1071619167, label %28 ] %29 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 8 %30 = load i32, i32* %29, align 4 %31 = and i32 %30, 2 %32 = icmp eq i32 %31, 0 br i1 %32, label %48, label %33 %34 = inttoptr i64 %2 to i8* %35 = call i64 @_copy_from_user(i8* nonnull %5, i8* %34, i64 32) #69 %36 = icmp eq i64 %35, 0 br i1 %36, label %37, label %48 %38 = call i32 @security_locked_down(i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 msr_write.25797 ------------- Path:  Function:msr_write.25797 %5 = alloca [2 x i32], align 4 %6 = bitcast [2 x i32]* %5 to i8* %7 = load i64, i64* %3, align 8 %8 = trunc i64 %7 to i32 %9 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %10 = load %struct.inode*, %struct.inode** %9, align 8 %11 = getelementptr inbounds %struct.inode, %struct.inode* %10, i64 0, i32 13 %12 = load i32, i32* %11, align 4 %13 = and i32 %12, 1048575 %14 = tail call i32 @security_locked_down(i32 8) #69 ------------- Use: =BAD PATH= Call Stack: 0 disk_store ------------- Path:  Function:disk_store %5 = load i1, i1* @nohibernate, align 4 br i1 %5, label %34, label %6 %7 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 disk_show ------------- Path:  Function:disk_show %4 = load i1, i1* @nohibernate, align 4 br i1 %4, label %11, label %5 %6 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 blkdev_write_iter ------------- Path:  Function:blkdev_write_iter %3 = alloca %struct.blk_plug, align 8 %4 = getelementptr inbounds %struct.kiocb.112611, %struct.kiocb.112611* %0, i64 0, i32 0 %5 = load %struct.file.112786*, %struct.file.112786** %4, align 8 %6 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %5, i64 0, i32 19 %7 = load %struct.address_space.112620*, %struct.address_space.112620** %6, align 8 %8 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %7, i64 0, i32 0 %9 = load %struct.inode.112777*, %struct.inode.112777** %8, align 8 %10 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = bitcast %struct.blk_plug* %3 to i8* %13 = getelementptr %struct.inode.112777, %struct.inode.112777* %9, i64 -1, i32 40 %14 = bitcast %struct.file_lock_context** %13 to %struct.block_device.112609* %15 = tail call i32 bitcast (i32 (%struct.block_device.272975*)* @bdev_read_only to i32 (%struct.block_device.112609*)*)(%struct.block_device.112609* %14) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %66 %18 = getelementptr inbounds %struct.inode.112777, %struct.inode.112777* %9, i64 0, i32 4 %19 = load i32, i32* %18, align 4 %20 = and i32 %19, 256 %21 = icmp eq i32 %20, 0 br i1 %21, label %24, label %22 %23 = tail call zeroext i1 @hibernation_available() #69 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %5, label %2 %3 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 snapshot_open ------------- Path:  Function:snapshot_open %3 = alloca i32, align 4 %4 = bitcast i32* %3 to i8* store i32 0, i32* %3, align 4 %5 = tail call zeroext i1 @hibernation_available() #69 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %5, label %2 %3 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 hibernation_available 1 state_show ------------- Path:  Function:state_show %4 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 1), align 8 %5 = icmp eq i8* %4, null br i1 %5, label %10, label %6 %11 = phi i8* [ %9, %6 ], [ %2, %3 ] %12 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 2), align 8 %13 = icmp eq i8* %12, null br i1 %13, label %29, label %25 %26 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %11, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7261, i64 0, i64 0), i8* nonnull %12) #69 %27 = sext i32 %26 to i64 %28 = getelementptr i8, i8* %11, i64 %27 br label %29 %30 = phi i8* [ %28, %25 ], [ %11, %10 ] %31 = load i8*, i8** getelementptr inbounds ([4 x i8*], [4 x i8*]* @pm_states, i64 0, i64 3), align 8 %32 = icmp eq i8* %31, null br i1 %32, label %37, label %33 %34 = tail call i32 (i8*, i8*, ...) @sprintf(i8* %30, i8* getelementptr inbounds ([4 x i8], [4 x i8]* @.str.30.7261, i64 0, i64 0), i8* nonnull %31) #69 %35 = sext i32 %34 to i64 %36 = getelementptr i8, i8* %30, i64 %35 br label %37 %38 = phi i8* [ %36, %33 ], [ %30, %29 ] %39 = tail call zeroext i1 @hibernation_available() #70 Function:hibernation_available %1 = load i1, i1* @nohibernate, align 4 br i1 %1, label %5, label %2 %3 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 hibernate 1 state_store ------------- Path:  Function:state_store %5 = tail call i8* @memchr(i8* %2, i32 10, i64 %3) #69 %6 = icmp eq i8* %5, null %7 = ptrtoint i8* %5 to i64 %8 = ptrtoint i8* %2 to i64 %9 = sub i64 %7, %8 %10 = select i1 %6, i64 %3, i64 %9 %11 = trunc i64 %10 to i32 %12 = icmp eq i32 %11, 4 br i1 %12, label %13, label %16 %14 = tail call i32 @strncmp(i8* %2, i8* dereferenceable(5) getelementptr inbounds ([5 x i8], [5 x i8]* @.str.32.7271, i64 0, i64 0), i64 4) #69 %15 = icmp eq i32 %14, 0 br i1 %15, label %50, label %16 %51 = tail call i32 @hibernate() #69 Function:hibernate %1 = alloca i32, align 4 %2 = bitcast i32* %1 to i8* store i32 0, i32* %1, align 4 %3 = load i1, i1* @nohibernate, align 4 br i1 %3, label %7, label %4 %5 = tail call i32 @security_locked_down(i32 5) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic ------------- Path:  Function:tracing_open_generic %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_tgids_open ------------- Path:  Function:tracing_saved_tgids_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_saved_cmdlines_open ------------- Path:  Function:tracing_saved_cmdlines_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_generic_tr ------------- Path:  Function:tracing_open_generic_tr %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_buffers_open ------------- Path:  Function:tracing_buffers_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_err_log_open ------------- Path:  Function:tracing_err_log_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_time_stamp_mode_open ------------- Path:  Function:tracing_time_stamp_mode_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_clock_open ------------- Path:  Function:tracing_clock_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open_pipe ------------- Path:  Function:tracing_open_pipe %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_open ------------- Path:  Function:tracing_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_trace_options_open ------------- Path:  Function:tracing_trace_options_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array** %5 = load %struct.trace_array*, %struct.trace_array** %4, align 8 %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 show_traces_open ------------- Path:  Function:show_traces_open %3 = getelementptr inbounds %struct.inode.96765, %struct.inode.96765* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = bitcast i8* %4 to %struct.trace_array* %6 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 dyn_event_open ------------- Path:  Function:dyn_event_open %3 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.99862*)*)(%struct.trace_array.99862* null) #69 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_open ------------- Path:  Function:ftrace_event_set_open %3 = getelementptr inbounds %struct.inode.99918, %struct.inode.99918* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.99862** %5 = load %struct.trace_array.99862*, %struct.trace_array.99862** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.99862*)*)(%struct.trace_array.99862* %5) #69 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_check_open_get_tr 1 ftrace_event_set_pid_open ------------- Path:  Function:ftrace_event_set_pid_open %3 = getelementptr inbounds %struct.inode.99918, %struct.inode.99918* %0, i64 0, i32 47 %4 = bitcast i8** %3 to %struct.trace_array.99862** %5 = load %struct.trace_array.99862*, %struct.trace_array.99862** %4, align 8 %6 = tail call i32 bitcast (i32 (%struct.trace_array*)* @tracing_check_open_get_tr to i32 (%struct.trace_array.99862*)*)(%struct.trace_array.99862* %5) #69 Function:tracing_check_open_get_tr %2 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 tracing_stat_open ------------- Path:  Function:tracing_stat_open %3 = getelementptr inbounds %struct.inode.97846, %struct.inode.97846* %0, i64 0, i32 47 %4 = load i8*, i8** %3, align 8 %5 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_formats_open ------------- Path:  Function:ftrace_formats_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 ftrace_event_avail_open ------------- Path:  Function:ftrace_event_avail_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 event_trigger_open ------------- Path:  Function:event_trigger_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 profile_open ------------- Path:  Function:profile_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 probes_open ------------- Path:  Function:probes_open %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 profile_open.11501 ------------- Path:  Function:profile_open.11501 %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 probes_open.11506 ------------- Path:  Function:probes_open.11506 %3 = tail call i32 @security_locked_down(i32 23) #69 ------------- Use: =BAD PATH= Call Stack: 0 open_kcore ------------- Path:  Function:open_kcore %3 = tail call i32 @security_locked_down(i32 18) #69 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 ------------- Use: =BAD PATH= Call Stack: 0 debugfs_setattr ------------- Path:  Function:debugfs_setattr %3 = tail call i32 @security_locked_down(i32 14) #69 ------------- Good: 59 Bad: 56 Ignored: 99 Check Use of Function:ramfs_create Check Use of Function:bad_inode_create Check Use of Function:tty_lock Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl 2 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_jobctrl_ioctl 1 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %24 = trunc i64 %4 to i32 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* %1) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %7, align 8 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_fasync ------------- Path:  Function:tty_fasync %4 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %1, i64 0, i32 16 %5 = bitcast i8** %4 to %struct.tty_file_private** %6 = load %struct.tty_file_private*, %struct.tty_file_private** %5, align 8 %7 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %6, i64 0, i32 0 %8 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %7, align 8 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* %8) #69 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %6, align 8 %8 = icmp eq %struct.tty_struct.251245* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %6, align 8 %8 = icmp eq %struct.tty_struct.251245* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 tty_release ------------- Path:  Function:tty_release %3 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.tty_file_private** %5 = load %struct.tty_file_private*, %struct.tty_file_private** %4, align 8 %6 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %5, i64 0, i32 0 %7 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %6, align 8 %8 = icmp eq %struct.tty_struct.251245* %7, null br i1 %8, label %9, label %15 %16 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %7, i64 0, i32 0 %17 = load i32, i32* %16, align 8 %18 = icmp eq i32 %17, 21505 br i1 %18, label %25, label %19 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %7) #70 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.251245* %0, null br i1 %3, label %205, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.250940* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.251245* %0, null br i1 %3, label %205, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.250940* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl 5 tty_compat_ioctl ------------- Path:  Function:tty_compat_ioctl %4 = alloca %struct.serial_struct32, align 4 %5 = alloca %struct.serial_struct, align 8 %6 = alloca [16 x i8], align 16 %7 = alloca %struct.serial_struct32, align 4 %8 = alloca %struct.serial_struct, align 8 %9 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %10 = bitcast i8** %9 to %struct.tty_file_private** %11 = load %struct.tty_file_private*, %struct.tty_file_private** %10, align 8 %12 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %11, i64 0, i32 0 %13 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %12, align 8 switch i32 %1, label %19 [ i32 21522, label %14 i32 21523, label %14 i32 21524, label %14 i32 -2147199936, label %14 i32 21540, label %14 i32 21539, label %14 i32 -2147199950, label %14 i32 21525, label %14 i32 21528, label %14 i32 21527, label %14 i32 21526, label %14 i32 21597, label %14 i32 21519, label %14 i32 21520, label %14 i32 21545, label %14 i32 21593, label %14 i32 21550, label %14 i32 21551, label %14 i32 21508, label %14 i32 21507, label %14 i32 21506, label %14 i32 21505, label %14 i32 -2144578518, label %14 i32 1076646957, label %14 i32 1076646956, label %14 i32 1076646955, label %14 i32 21509, label %14 i32 21512, label %14 i32 21511, label %14 i32 21510, label %14 i32 21590, label %14 i32 21591, label %14 i32 21554, label %14 i32 21555, label %14 i32 21557, label %14 i32 21556, label %14 i32 21529, label %14 i32 21530, label %14 i32 21533, label %17 i32 21516, label %17 i32 21517, label %17 i32 21559, label %17 i32 21543, label %17 i32 21544, label %17 i32 21513, label %17 i32 21541, label %17 i32 21515, label %17 i32 21569, label %17 i32 21538, label %17 i32 21518, label %17 i32 21514, label %17 i32 21596, label %17 i32 21587, label %17 ] %18 = tail call i64 @tty_ioctl(%struct.file.250940* %0, i32 %1, i64 %2) #69 Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.251245* %0, null br i1 %3, label %205, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.250940* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %0) #69 ------------- Use: =BAD PATH= Call Stack: 0 __tty_hangup 1 tty_vhangup_session 2 disassociate_ctty 3 tty_jobctrl_ioctl 4 tty_ioctl ------------- Path:  Function:tty_ioctl %4 = alloca [16 x i8], align 16 %5 = alloca %struct.serial_struct, align 8 %6 = alloca %struct.serial_icounter_struct, align 4 %7 = alloca i64, align 8 %8 = alloca i8, align 1 %9 = alloca i8, align 1 %10 = alloca %struct.serial_struct, align 8 %11 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %12 = bitcast i8** %11 to %struct.tty_file_private** %13 = load %struct.tty_file_private*, %struct.tty_file_private** %12, align 8 %14 = getelementptr inbounds %struct.tty_file_private, %struct.tty_file_private* %13, i64 0, i32 0 %15 = load %struct.tty_struct.251245*, %struct.tty_struct.251245** %14, align 8 %16 = inttoptr i64 %2 to i8* %17 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 2 %18 = load %struct.inode.251157*, %struct.inode.251157** %17, align 8 %19 = icmp eq %struct.tty_struct.251245* %15, null br i1 %19, label %20, label %26 %27 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 0 %28 = load i32, i32* %27, align 8 %29 = icmp eq i32 %28, 21505 br i1 %29, label %36, label %30 %37 = getelementptr inbounds %struct.tty_struct.251245, %struct.tty_struct.251245* %15, i64 0, i32 3 %38 = load %struct.tty_driver.251241*, %struct.tty_driver.251241** %37, align 8 %39 = getelementptr inbounds %struct.tty_driver.251241, %struct.tty_driver.251241* %38, i64 0, i32 10 %40 = load i16, i16* %39, align 8 %41 = icmp eq i16 %40, 4 br i1 %41, label %42, label %49 %50 = phi %struct.tty_struct.251245* [ %48, %46 ], [ %15, %42 ], [ %15, %36 ] switch i32 %1, label %370 [ i32 21539, label %51 i32 21543, label %51 i32 21544, label %51 i32 21513, label %51 i32 21541, label %51 i32 21522, label %65 i32 21523, label %100 i32 21524, label %108 i32 21533, label %139 i32 21516, label %158 i32 21517, label %161 i32 -2147199936, label %164 i32 21540, label %173 i32 21559, label %198 i32 -2147199950, label %201 i32 21525, label %253 i32 21528, label %268 i32 21527, label %268 i32 21526, label %268 i32 21597, label %302 i32 21515, label %319 i32 21535, label %321 i32 21534, label %349 i32 21569, label %366 ] %371 = tail call i64 bitcast (i64 (%struct.tty_struct.339591*, %struct.tty_struct.339591*, %struct.file.339488*, i32, i64)* @tty_jobctrl_ioctl to i64 (%struct.tty_struct.251245*, %struct.tty_struct.251245*, %struct.file.250940*, i32, i64)*)(%struct.tty_struct.251245* nonnull %15, %struct.tty_struct.251245* %50, %struct.file.250940* %0, i32 %1, i64 %2) #70 Function:tty_jobctrl_ioctl switch i32 %3, label %226 [ i32 21538, label %6 i32 21518, label %23 i32 21519, label %98 i32 21520, label %129 i32 21545, label %205 ] %7 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %8 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %7, i64 0, i32 87 %9 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %8, align 8 %10 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %9, i64 0, i32 24 %11 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %10, align 8 %12 = icmp eq %struct.tty_struct.339591* %11, %0 br i1 %12, label %13, label %226 tail call void @disassociate_ctty(i32 0) #69 Function:disassociate_ctty %2 = tail call %struct.task_struct.339648* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.339648** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.339648**)) #10, !srcloc !4 %3 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 87 %4 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %5 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %4, i64 0, i32 23 %6 = load i32, i32* %5, align 8 %7 = icmp eq i32 %6, 0 br i1 %7, label %154, label %8 %9 = getelementptr inbounds %struct.task_struct.339648, %struct.task_struct.339648* %2, i64 0, i32 88 %10 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %11 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %10, i64 0, i32 0, i32 0, i32 0 %12 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %11) #69 %13 = load %struct.signal_struct.339597*, %struct.signal_struct.339597** %3, align 8 %14 = getelementptr inbounds %struct.signal_struct.339597, %struct.signal_struct.339597* %13, i64 0, i32 24 %15 = load %struct.tty_struct.339591*, %struct.tty_struct.339591** %14, align 8 %16 = icmp eq %struct.tty_struct.339591* %15, null br i1 %16, label %29, label %17 %30 = load %struct.sighand_struct*, %struct.sighand_struct** %9, align 32 %31 = getelementptr inbounds %struct.sighand_struct, %struct.sighand_struct* %30, i64 0, i32 0, i32 0, i32 0 tail call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %31, i64 %12) #69 %32 = icmp eq i32 %0, 0 br i1 %16, label %65, label %33 br i1 %32, label %41, label %34 %35 = getelementptr inbounds %struct.tty_struct.339591, %struct.tty_struct.339591* %15, i64 0, i32 3 %36 = load %struct.tty_driver.339587*, %struct.tty_driver.339587** %35, align 8 %37 = getelementptr inbounds %struct.tty_driver.339587, %struct.tty_driver.339587* %36, i64 0, i32 10 %38 = load i16, i16* %37, align 8 %39 = icmp eq i16 %38, 4 br i1 %39, label %41, label %40 tail call void bitcast (void (%struct.tty_struct.251245*)* @tty_vhangup_session to void (%struct.tty_struct.339591*)*)(%struct.tty_struct.339591* nonnull %15) #69 Function:tty_vhangup_session tail call fastcc void @__tty_hangup(%struct.tty_struct.251245* %0, i32 1) #69 Function:__tty_hangup %3 = icmp eq %struct.tty_struct.251245* %0, null br i1 %3, label %205, label %4 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @redirect_lock, i64 0, i32 0, i32 0)) #69 %5 = load %struct.file.250940*, %struct.file.250940** @redirect, align 8 %6 = icmp eq %struct.file.250940* %5, null br i1 %6, label %15, label %7 %16 = phi %struct.file.250940* [ %5, %14 ], [ null, %7 ], [ null, %4 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 store volatile i8 0, i8* bitcast (%struct.spinlock* @redirect_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !5 tail call void bitcast (void (%struct.tty_struct.338780*)* @tty_lock to void (%struct.tty_struct.251245*)*)(%struct.tty_struct.251245* nonnull %0) #69 ------------- Good: 11 Bad: 13 Ignored: 32 Check Use of Function:unlazy_walk Check Use of Function:empty_dir_lookup Check Use of Function:nfs_create Check Use of Function:handle_dots Check Use of Function:proc_map_files_lookup Check Use of Function:lookup_fast Check Use of Function:security_msg_queue_msgrcv Check Use of Function:nfs_atomic_open Check Use of Function:d_alloc_parallel Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.194676, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.194676* %7 to i8* %15 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %18 = load %struct.inode.195275*, %struct.inode.195275** %17, align 8 %19 = icmp eq %struct.inode.195275* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %38 = load %struct.super_block.195272*, %struct.super_block.195272** %37, align 8 %39 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.195427** %41 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %40, align 32 %42 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %41, i64 0, i32 22 %43 = load i32, i32* %42, align 8 %44 = icmp ugt i32 %36, %43 br i1 %44, label %306, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %64 = and i32 %3, 512 %65 = icmp eq i32 %64, 0 br i1 %65, label %70, label %66 br i1 %47, label %71, label %91 %72 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 0 %73 = load i32, i32* %72, align 8 %74 = and i32 %73, 268435456 %75 = icmp eq i32 %74, 0 br i1 %75, label %76, label %91 call void bitcast (void (%struct.dentry.136422*)* @d_drop to void (%struct.dentry.195278*)*)(%struct.dentry.195278* %1) #69 %77 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 3 %78 = load %struct.dentry.195278*, %struct.dentry.195278** %77, align 8 %79 = call %struct.dentry.195278* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.195278* (%struct.dentry.195278*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.195278* %78, %struct.qstr* %33, %struct.wait_queue_head* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_sys_fill_cache 1 proc_sys_readdir ------------- Path:  Function:proc_sys_readdir %3 = alloca %struct.ctl_table_header*, align 8 %4 = alloca %struct.ctl_table*, align 8 %5 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 2 %6 = load %struct.inode*, %struct.inode** %5, align 8 %7 = getelementptr %struct.inode, %struct.inode* %6, i64 -1, i32 41, i32 13 %8 = getelementptr inbounds %struct.list_head, %struct.list_head* %7, i64 2 %9 = bitcast %struct.list_head* %8 to %struct.ctl_table_header** %10 = load %struct.ctl_table_header*, %struct.ctl_table_header** %9, align 8 %11 = icmp eq %struct.ctl_table_header* %10, null %12 = select i1 %11, %struct.ctl_table_header* getelementptr inbounds (%struct.ctl_table_root, %struct.ctl_table_root* @sysctl_table_root, i64 0, i32 0, i32 1, i32 0), %struct.ctl_table_header* %10 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %13 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %12, i64 0, i32 1 %14 = load %struct.completion*, %struct.completion** %13, align 8 %15 = icmp eq %struct.completion* %14, null br i1 %15, label %16, label %20, !prof !4, !misexpect !5 %21 = phi %struct.ctl_table_header* [ %12, %16 ], [ inttoptr (i64 -2 to %struct.ctl_table_header*), %2 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %22 = icmp ugt %struct.ctl_table_header* %21, inttoptr (i64 -4096 to %struct.ctl_table_header*) br i1 %22, label %23, label %26 %27 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %28 = load i64, i64* %27, align 8 switch i64 %28, label %58 [ i64 0, label %29 i64 1, label %41 ] %30 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %31 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %30, align 8 %32 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %33 = load %struct.dentry*, %struct.dentry** %32, align 8 %34 = getelementptr inbounds %struct.dentry, %struct.dentry* %33, i64 0, i32 5 %35 = load %struct.inode*, %struct.inode** %34, align 8 %36 = getelementptr inbounds %struct.inode, %struct.inode* %35, i64 0, i32 11 %37 = load i64, i64* %36, align 8 %38 = tail call i32 %31(%struct.dir_context* %1, i8* getelementptr inbounds ([2 x i8], [2 x i8]* @.str.18.17503, i64 0, i64 0), i32 1, i64 0, i64 %37, i32 4) #69 %39 = icmp eq i32 %38, 0 br i1 %39, label %40, label %213 store i64 1, i64* %27, align 8 br label %41 %42 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 0 %43 = load i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)*, i32 (%struct.dir_context*, i8*, i32, i64, i64, i32)** %42, align 8 %44 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %45 = load %struct.dentry*, %struct.dentry** %44, align 8 %46 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 7, i32 0 %47 = bitcast %struct.anon.1* %46 to %struct.raw_spinlock* tail call void @_raw_spin_lock(%struct.raw_spinlock* %47) #69 %48 = getelementptr inbounds %struct.dentry, %struct.dentry* %45, i64 0, i32 3 %49 = load %struct.dentry*, %struct.dentry** %48, align 8 %50 = getelementptr inbounds %struct.dentry, %struct.dentry* %49, i64 0, i32 5 %51 = load %struct.inode*, %struct.inode** %50, align 8 %52 = getelementptr inbounds %struct.inode, %struct.inode* %51, i64 0, i32 11 %53 = load i64, i64* %52, align 8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %54 = bitcast %struct.anon.1* %46 to i8* store volatile i8 0, i8* %54, align 1 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %55 = tail call i32 %43(%struct.dir_context* %1, i8* getelementptr inbounds ([3 x i8], [3 x i8]* @.str.19.17504, i64 0, i64 0), i32 2, i64 1, i64 %53, i32 4) #69 %56 = icmp eq i32 %55, 0 br i1 %56, label %57, label %213 store i64 2, i64* %27, align 8 br label %58 tail call void @_raw_spin_lock(%struct.raw_spinlock* getelementptr inbounds (%struct.spinlock, %struct.spinlock* @sysctl_lock, i64 0, i32 0, i32 0)) #69 %59 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %21, i64 1 %60 = bitcast %struct.ctl_table_header* %59 to %struct.rb_root* %61 = tail call %struct.rb_node* @rb_first(%struct.rb_root* %60) #69 %62 = icmp eq %struct.rb_node* %61, null br i1 %62, label %79, label %63 %64 = phi %struct.rb_node* [ %77, %76 ], [ %61, %58 ] %65 = getelementptr inbounds %struct.rb_node, %struct.rb_node* %64, i64 1 %66 = bitcast %struct.rb_node* %65 to %struct.ctl_table_header** %67 = load %struct.ctl_table_header*, %struct.ctl_table_header** %66, align 8 %68 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %67, i64 0, i32 1 %69 = load %struct.completion*, %struct.completion** %68, align 8 %70 = icmp eq %struct.completion* %69, null br i1 %70, label %71, label %76, !prof !4, !misexpect !5 %77 = tail call %struct.rb_node* @rb_next(%struct.rb_node* nonnull %64) #69 %78 = icmp eq %struct.rb_node* %77, null br i1 %78, label %79, label %63 %80 = phi %struct.ctl_node* [ %75, %71 ], [ null, %58 ], [ null, %76 ] tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 store volatile i8 0, i8* bitcast (%struct.spinlock* @sysctl_lock to i8*), align 4 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !7 %81 = icmp eq %struct.ctl_node* %80, null br i1 %81, label %213, label %82 %83 = getelementptr inbounds %struct.ctl_node, %struct.ctl_node* %80, i64 0, i32 1 %84 = load %struct.ctl_table_header*, %struct.ctl_table_header** %83, align 8 %85 = icmp eq %struct.ctl_table_header* %84, null br i1 %85, label %213, label %86 %87 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 0, i32 0, i32 0 %88 = load %struct.ctl_table*, %struct.ctl_table** %87, align 8 %89 = ptrtoint %struct.ctl_node* %80 to i64 %90 = getelementptr inbounds %struct.ctl_table_header, %struct.ctl_table_header* %84, i64 0, i32 6 %91 = bitcast %struct.ctl_node** %90 to i64* %92 = load i64, i64* %91, align 8 %93 = sub i64 %89, %92 %94 = ashr exact i64 %93, 5 %95 = getelementptr %struct.ctl_table, %struct.ctl_table* %88, i64 %94 %96 = bitcast %struct.ctl_table_header** %3 to i8* %97 = bitcast %struct.ctl_table** %4 to i8* br label %98 %99 = phi i64 [ 2, %86 ], [ %102, %200 ] %100 = phi %struct.ctl_table* [ %95, %86 ], [ %211, %200 ] %101 = phi %struct.ctl_table_header* [ %84, %86 ], [ %202, %200 ] %102 = add i64 %99, 1 %103 = load i64, i64* %27, align 8 %104 = icmp ult i64 %99, %103 br i1 %104, label %160, label %105 %106 = getelementptr inbounds %struct.ctl_table, %struct.ctl_table* %100, i64 0, i32 3 %107 = load i16, i16* %106, align 4 %108 = and i16 %107, -4096 %109 = icmp eq i16 %108, -24576 br i1 %109, label %110, label %146, !prof !8, !misexpect !5 %147 = tail call fastcc zeroext i1 @proc_sys_fill_cache(%struct.file* %0, %struct.dir_context* %1, %struct.ctl_table_header* nonnull %101, %struct.ctl_table* %100) #69 Function:proc_sys_fill_cache %5 = alloca %struct.qstr, align 8 %6 = alloca %struct.wait_queue_head, align 8 %7 = getelementptr inbounds %struct.file, %struct.file* %0, i64 0, i32 1, i32 1 %8 = load %struct.dentry*, %struct.dentry** %7, align 8 %9 = bitcast %struct.qstr* %5 to i8* %10 = bitcast %struct.ctl_table* %3 to i64* %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.qstr, %struct.qstr* %5, i64 0, i32 1 %13 = bitcast i8** %12 to i64* store i64 %11, i64* %13, align 8 %14 = inttoptr i64 %11 to i8* %15 = tail call i64 @strlen(i8* %14) #69 %16 = trunc i64 %15 to i32 %17 = bitcast %struct.qstr* %5 to %struct.util_est* %18 = getelementptr inbounds %struct.util_est, %struct.util_est* %17, i64 0, i32 1 store i32 %16, i32* %18, align 4 %19 = bitcast %struct.dentry* %8 to i8* %20 = tail call i32 @full_name_hash(i8* %19, i8* %14, i32 %16) #70 %21 = bitcast %struct.qstr* %5 to i32* store i32 %20, i32* %21, align 8 %22 = call %struct.dentry* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_lookup to %struct.dentry* (%struct.dentry*, %struct.qstr*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5) #71 %23 = icmp eq %struct.dentry* %22, null br i1 %23, label %24, label %67 %25 = bitcast %struct.wait_queue_head* %6 to i8* %26 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %26, align 8 %27 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %28 = getelementptr inbounds %struct.list_head, %struct.list_head* %27, i64 0, i32 0 store %struct.list_head* %27, %struct.list_head** %28, align 8 %29 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %27, %struct.list_head** %29, align 8 %30 = call %struct.dentry* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry* (%struct.dentry*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry* %8, %struct.qstr* nonnull %5, %struct.wait_queue_head* nonnull %6) #71 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tid_base_readdir ------------- Path:  Function:proc_tid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.162626* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } } }>* @tid_base_stuff, i64 0, i32 0), i32 39) #69 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 2 %6 = load %struct.inode.162701*, %struct.inode.162701** %5, align 8 %7 = getelementptr %struct.inode.162701, %struct.inode.162701* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.162375** %9 = load %struct.pid.162375*, %struct.pid.162375** %8, align 8 %10 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.162579* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.162626* %0, %struct.dir_context* %1) #70 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.162626* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.162705* (%struct.dentry.162705*, %struct.task_struct.162579*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.162579* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.162705*, %struct.dentry.162705** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.162705* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_attr_dir_readdir ------------- Path:  Function:proc_attr_dir_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.162626* %0, %struct.dir_context* %1, %struct.pid_entry* bitcast ([6 x { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i8* } }]* @attr_dir_stuff to %struct.pid_entry*), i32 6) #69 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 2 %6 = load %struct.inode.162701*, %struct.inode.162701** %5, align 8 %7 = getelementptr %struct.inode.162701, %struct.inode.162701* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.162375** %9 = load %struct.pid.162375*, %struct.pid.162375** %8, align 8 %10 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.162579* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.162626* %0, %struct.dir_context* %1) #70 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.162626* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.162705* (%struct.dentry.162705*, %struct.task_struct.162579*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.162579* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.162705*, %struct.dentry.162705** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.162705* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Use: =BAD PATH= Call Stack: 0 proc_fill_cache 1 proc_pident_readdir 2 proc_tgid_base_readdir ------------- Path:  Function:proc_tgid_base_readdir %3 = tail call fastcc i32 @proc_pident_readdir(%struct.file.162626* %0, %struct.dir_context* %1, %struct.pid_entry* getelementptr inbounds (<{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } } }>, <{ %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } }, %struct.pid_entry, { i8*, i32, i16, %struct.inode_operations.162695*, %struct.file_operations.162623*, { i32 (%struct.seq_file.162393*, %struct.pid_namespace.162373*, %struct.pid.162375*, %struct.task_struct.162579*)* } } }>* @tgid_base_stuff, i64 0, i32 0), i32 44) #69 Function:proc_pident_readdir %5 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 2 %6 = load %struct.inode.162701*, %struct.inode.162701** %5, align 8 %7 = getelementptr %struct.inode.162701, %struct.inode.162701* %6, i64 -1, i32 41, i32 13 %8 = bitcast %struct.list_head* %7 to %struct.pid.162375** %9 = load %struct.pid.162375*, %struct.pid.162375** %8, align 8 %10 = tail call %struct.task_struct.162579* bitcast (%struct.task_struct.50083* (%struct.pid.49683*, i32)* @get_pid_task to %struct.task_struct.162579* (%struct.pid.162375*, i32)*)(%struct.pid.162375* %9, i32 0) #69 %11 = icmp eq %struct.task_struct.162579* %10, null br i1 %11, label %40, label %12 %13 = tail call fastcc zeroext i1 @dir_emit_dots(%struct.file.162626* %0, %struct.dir_context* %1) #70 br i1 %13, label %14, label %39 %15 = getelementptr inbounds %struct.dir_context, %struct.dir_context* %1, i64 0, i32 1 %16 = load i64, i64* %15, align 8 %17 = add i32 %3, 2 %18 = zext i32 %17 to i64 %19 = icmp slt i64 %16, %18 br i1 %19, label %20, label %39 %21 = add i64 %16, -2 %22 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %21 %23 = zext i32 %3 to i64 %24 = getelementptr %struct.pid_entry, %struct.pid_entry* %2, i64 %23 %25 = icmp ult %struct.pid_entry* %22, %24 br i1 %25, label %26, label %39 %27 = phi %struct.pid_entry* [ %37, %34 ], [ %22, %20 ] %28 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 0 %29 = load i8*, i8** %28, align 8 %30 = getelementptr inbounds %struct.pid_entry, %struct.pid_entry* %27, i64 0, i32 1 %31 = load i32, i32* %30, align 8 %32 = bitcast %struct.pid_entry* %27 to i8* %33 = tail call zeroext i1 @proc_fill_cache(%struct.file.162626* %0, %struct.dir_context* %1, i8* %29, i32 %31, %struct.dentry.162705* (%struct.dentry.162705*, %struct.task_struct.162579*, i8*)* nonnull @proc_pident_instantiate, %struct.task_struct.162579* nonnull %10, i8* %32) #70 Function:proc_fill_cache %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.wait_queue_head, align 8 %10 = getelementptr inbounds %struct.file.162626, %struct.file.162626* %0, i64 0, i32 1, i32 1 %11 = load %struct.dentry.162705*, %struct.dentry.162705** %10, align 8 %12 = bitcast %struct.qstr* %8 to i8* %13 = bitcast %struct.qstr* %8 to %struct.util_est* %14 = bitcast %struct.qstr* %8 to i32* store i32 0, i32* %14, align 8 %15 = getelementptr inbounds %struct.util_est, %struct.util_est* %13, i64 0, i32 1 store i32 %3, i32* %15, align 4 %16 = getelementptr inbounds %struct.qstr, %struct.qstr* %8, i64 0, i32 1 store i8* %2, i8** %16, align 8 %17 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*)* @d_hash_and_lookup to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8) #69 %18 = icmp eq %struct.dentry.162705* %17, null br i1 %18, label %19, label %48 %20 = bitcast %struct.wait_queue_head* %9 to i8* %21 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %21, align 8 %22 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1 %23 = getelementptr inbounds %struct.list_head, %struct.list_head* %22, i64 0, i32 0 store %struct.list_head* %22, %struct.list_head** %23, align 8 %24 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %9, i64 0, i32 1, i32 1 store %struct.list_head* %22, %struct.list_head** %24, align 8 %25 = call %struct.dentry.162705* bitcast (%struct.dentry.136422* (%struct.dentry.136422*, %struct.qstr*, %struct.wait_queue_head*)* @d_alloc_parallel to %struct.dentry.162705* (%struct.dentry.162705*, %struct.qstr*, %struct.wait_queue_head*)*)(%struct.dentry.162705* %11, %struct.qstr* nonnull %8, %struct.wait_queue_head* nonnull %9) #69 ------------- Good: 12 Bad: 5 Ignored: 10 Check Use of Function:bad_inode_atomic_open Check Use of Function:ext4_xattr_trusted_get Check Use of Function:tty_unlock Check Use of Function:trailing_symlink Check Use of Function:security_shm_associate Use: =BAD PATH= Call Stack: 0 __x64_sys_shmget ------------- Path:  Function:__x64_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %4 to i32 %10 = trunc i64 %8 to i32 %11 = bitcast %struct.ipc_params* %2 to i8* %12 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %13 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %12, i64 0, i32 86 %14 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %13, align 16 %15 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %14, i64 0, i32 2 %16 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %15, align 8 %17 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %9, i32* %17, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %10, i32* %18, align 4 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %6, i64* %19, align 8 %20 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %16, i64 0, i32 1, i64 2 %21 = call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.244524*, %struct.ipc_ids*, %struct.ipc_ops.244721*, %struct.ipc_params*)*)(%struct.ipc_namespace.244524* %16, %struct.ipc_ids* %20, %struct.ipc_ops.244721* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 ------------- Use: =BAD PATH= Call Stack: 0 ksys_shmget 1 compat_ksys_ipc 2 __ia32_compat_sys_ipc ------------- Path:  Function:__ia32_compat_sys_ipc %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %11 = load i64, i64* %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 4 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %5 to i32 %16 = trunc i64 %7 to i32 %17 = trunc i64 %9 to i32 %18 = trunc i64 %11 to i32 %19 = trunc i64 %13 to i32 %20 = tail call i32 @compat_ksys_ipc(i32 %14, i32 %15, i32 %16, i32 %17, i32 %18, i32 %19) #69 Function:compat_ksys_ipc %7 = alloca %struct.util_est, align 4 %8 = alloca i64, align 8 %9 = lshr i32 %0, 16 %10 = trunc i32 %0 to i16 switch i16 %10, label %110 [ i16 1, label %11 i16 4, label %16 i16 2, label %23 i16 3, label %26 i16 11, label %43 i16 12, label %46 i16 13, label %71 i16 14, label %74 i16 21, label %79 i16 22, label %96 i16 23, label %101 i16 24, label %105 ] %102 = zext i32 %2 to i64 %103 = tail call i64 @ksys_shmget(i32 %1, i64 %102, i32 %3) #69 Function:ksys_shmget %4 = alloca %struct.ipc_params, align 8 %5 = bitcast %struct.ipc_params* %4 to i8* %6 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %7 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %6, i64 0, i32 86 %8 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %7, align 16 %9 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %8, i64 0, i32 2 %10 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %9, align 8 %11 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 0 store i32 %0, i32* %11, align 8 %12 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 1 store i32 %2, i32* %12, align 4 %13 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %4, i64 0, i32 2, i32 0 store i64 %1, i64* %13, align 8 %14 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %10, i64 0, i32 1, i64 2 %15 = call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.244524*, %struct.ipc_ids*, %struct.ipc_ops.244721*, %struct.ipc_params*)*)(%struct.ipc_namespace.244524* %10, %struct.ipc_ids* %14, %struct.ipc_ops.244721* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %4) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_shmget ------------- Path:  Function:__ia32_sys_shmget %2 = alloca %struct.ipc_params, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = trunc i64 %4 to i32 %11 = trunc i64 %9 to i32 %12 = bitcast %struct.ipc_params* %2 to i8* %13 = tail call %struct.task_struct.244653* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.244653** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.244653**)) #10, !srcloc !4 %14 = getelementptr inbounds %struct.task_struct.244653, %struct.task_struct.244653* %13, i64 0, i32 86 %15 = load %struct.nsproxy.244549*, %struct.nsproxy.244549** %14, align 16 %16 = getelementptr inbounds %struct.nsproxy.244549, %struct.nsproxy.244549* %15, i64 0, i32 2 %17 = load %struct.ipc_namespace.244524*, %struct.ipc_namespace.244524** %16, align 8 %18 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 0 store i32 %10, i32* %18, align 8 %19 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 1 store i32 %11, i32* %19, align 4 %20 = getelementptr inbounds %struct.ipc_params, %struct.ipc_params* %2, i64 0, i32 2, i32 0 store i64 %7, i64* %20, align 8 %21 = getelementptr %struct.ipc_namespace.244524, %struct.ipc_namespace.244524* %17, i64 0, i32 1, i64 2 %22 = call i32 bitcast (i32 (%struct.ipc_namespace.243034*, %struct.ipc_ids*, %struct.ipc_ops*, %struct.ipc_params*)* @ipcget to i32 (%struct.ipc_namespace.244524*, %struct.ipc_ids*, %struct.ipc_ops.244721*, %struct.ipc_params*)*)(%struct.ipc_namespace.244524* %17, %struct.ipc_ids* %21, %struct.ipc_ops.244721* nonnull @ksys_shmget.shm_ops, %struct.ipc_params* nonnull %2) #69 ------------- Good: 0 Bad: 3 Ignored: 0 Check Use of Function:rtnl_create_link Check Use of Function:vfat_create Check Use of Function:hugetlbfs_create Check Use of Function:get_fs_type Check Use of Function:get_order.16564 Check Use of Function:dissolve_on_fput Check Use of Function:proc_task_lookup Check Use of Function:register_netdevice Check Use of Function:simple_lookup Check Use of Function:proc_sys_lookup Check Use of Function:proc_root_lookup Check Use of Function:current_umask Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.250620, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.250620, align 8 %7 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %8 = load %struct.sock.250976*, %struct.sock.250976** %7, align 8 %9 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.251046*, %struct.net.251046** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.250620* %6 to i8* %14 = icmp ult i32 %2, 2 br i1 %14, label %240, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %240 %20 = icmp eq i32 %2, 2 br i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %240, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 1 %56 = bitcast %struct.socket.250973* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.250620, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.250620, align 8 %7 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %8 = load %struct.sock.250976*, %struct.sock.250976** %7, align 8 %9 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.251046*, %struct.net.251046** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.250620* %6 to i8* %14 = icmp ult i32 %2, 2 br i1 %14, label %240, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %240 %20 = icmp eq i32 %2, 2 br i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %240, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 1 %56 = bitcast %struct.socket.250973* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 unix_bind ------------- Path:  Function:unix_bind %4 = alloca %struct.path.250620, align 8 %5 = alloca i32, align 4 %6 = alloca %struct.path.250620, align 8 %7 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 0, i32 4 %8 = load %struct.sock.250976*, %struct.sock.250976** %7, align 8 %9 = getelementptr inbounds %struct.sock.250976, %struct.sock.250976* %8, i64 0, i32 0, i32 9, i32 0 %10 = load %struct.net.251046*, %struct.net.251046** %9, align 8 %11 = getelementptr inbounds %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 1, i64 0 %12 = bitcast i32* %5 to i8* %13 = bitcast %struct.path.250620* %6 to i8* %14 = icmp ult i32 %2, 2 br i1 %14, label %240, label %15 %16 = getelementptr %struct.sys_desc_table, %struct.sys_desc_table* %1, i64 0, i32 0 %17 = load i16, i16* %16, align 2 %18 = icmp eq i16 %17, 1 br i1 %18, label %19, label %240 %20 = icmp eq i32 %2, 2 br i1 %20, label %21, label %23 store i32 0, i32* %5, align 4 %24 = sext i32 %2 to i64 %25 = add i32 %2, -3 %26 = icmp ugt i32 %25, 107 %27 = icmp eq %struct.sys_desc_table* %1, null %28 = or i1 %27, %26 br i1 %28, label %240, label %29 %30 = load i8, i8* %11, align 2 %31 = icmp eq i8 %30, 0 %32 = bitcast %struct.sys_desc_table* %1 to i8* br i1 %31, label %33, label %43 %34 = tail call i32 @csum_partial(i8* nonnull %32, i32 %2, i32 0) #70 %35 = shl i32 %34, 16 %36 = and i32 %34, -65536 %37 = tail call i32 asm " addl $1,$0\0A adcl $$0xffff,$0", "=r,r,0,~{dirflag},~{fpsr},~{flags}"(i32 %35, i32 %36) #10, !srcloc !4 %38 = lshr i32 %37, 16 %39 = xor i32 %38, 65535 %40 = lshr i32 %39, 8 %41 = and i32 %39, 255 %42 = xor i32 %40, %41 store i32 %42, i32* %5, align 4 br label %49 %50 = phi i32 [ %42, %33 ], [ 0, %43 ] %51 = phi i32 [ %2, %33 ], [ %47, %43 ] %52 = load i8, i8* %11, align 1 %53 = icmp eq i8 %52, 0 br i1 %53, label %90, label %54 %55 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %0, i64 1 %56 = bitcast %struct.socket.250973* %55 to i16* %57 = load i16, i16* %56, align 8 %58 = tail call i32 @current_umask() #70 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mkdir ------------- Path:  Function:nfs4_proc_mkdir %4 = alloca %struct.nfs4_exception, align 8 %5 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %6 = load %struct.super_block.195272*, %struct.super_block.195272** %5, align 8 %7 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.215528** %9 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %8, align 32 %10 = bitcast %struct.nfs4_exception* %4 to i8* %11 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %4, i64 0, i32 5 store i8 1, i8* %11, align 1 %12 = getelementptr %struct.nfs_server.215528, %struct.nfs_server.215528* %9, i64 0, i32 33, i64 2 %13 = load i32, i32* %12, align 4 %14 = and i32 %13, 131072 %15 = icmp eq i32 %14, 0 br i1 %15, label %16, label %23 %17 = tail call i32 @current_umask() #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs4_proc_mknod ------------- Path:  Function:nfs4_proc_mknod %5 = alloca %struct.nfs4_exception, align 8 %6 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %7 = load %struct.super_block.195272*, %struct.super_block.195272** %6, align 8 %8 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %7, i64 0, i32 28 %9 = bitcast i8** %8 to %struct.nfs_server.215528** %10 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %9, align 32 %11 = bitcast %struct.nfs4_exception* %5 to i8* %12 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %5, i64 0, i32 5 store i8 1, i8* %12, align 1 %13 = getelementptr %struct.nfs_server.215528, %struct.nfs_server.215528* %10, i64 0, i32 33, i64 2 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 131072 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %24 %18 = tail call i32 @current_umask() #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_atomic_open ------------- Path:  Function:nfs_atomic_open %6 = alloca %struct.wait_queue_head, align 8 %7 = alloca %struct.iattr.194676, align 8 %8 = alloca i32, align 4 %9 = bitcast %struct.wait_queue_head* %6 to i8* %10 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0, i32 0 store i32 0, i32* %10, align 8 %11 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1 %12 = getelementptr inbounds %struct.list_head, %struct.list_head* %11, i64 0, i32 0 store %struct.list_head* %11, %struct.list_head** %12, align 8 %13 = getelementptr inbounds %struct.wait_queue_head, %struct.wait_queue_head* %6, i64 0, i32 1, i32 1 store %struct.list_head* %11, %struct.list_head** %13, align 8 %14 = bitcast %struct.iattr.194676* %7 to i8* %15 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %7, i64 0, i32 0 store i32 32768, i32* %15, align 8 %16 = bitcast i32* %8 to i8* store i32 0, i32* %8, align 4 %17 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %18 = load %struct.inode.195275*, %struct.inode.195275** %17, align 8 %19 = icmp eq %struct.inode.195275* %18, null br i1 %19, label %21, label %20, !prof !4, !misexpect !5 %22 = call i32 @nfs_check_flags(i32 %3) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %306 %25 = and i32 %3, 65536 %26 = icmp eq i32 %25, 0 br i1 %26, label %32, label %27 %33 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 4 %34 = bitcast %struct.qstr* %33 to %struct.util_est* %35 = getelementptr inbounds %struct.util_est, %struct.util_est* %34, i64 0, i32 1 %36 = load i32, i32* %35, align 4 %37 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %38 = load %struct.super_block.195272*, %struct.super_block.195272** %37, align 8 %39 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %38, i64 0, i32 28 %40 = bitcast i8** %39 to %struct.nfs_server.195427** %41 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %40, align 32 %42 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %41, i64 0, i32 22 %43 = load i32, i32* %42, align 8 %44 = icmp ugt i32 %36, %43 br i1 %44, label %306, label %45 %46 = and i32 %3, 64 %47 = icmp eq i32 %46, 0 br i1 %47, label %63, label %48 %49 = getelementptr %struct.nfs_server.195427, %struct.nfs_server.195427* %41, i64 0, i32 33, i64 2 %50 = load i32, i32* %49, align 4 %51 = and i32 %50, 131072 %52 = icmp eq i32 %51, 0 br i1 %52, label %53, label %58 %54 = call i32 @current_umask() #69 ------------- Good: 17 Bad: 6 Ignored: 18 Check Use of Function:alloc_file_pseudo Check Use of Function:mqueue_create Check Use of Function:__lookup_hash Check Use of Function:lock_rename Check Use of Function:filename_parentat Check Use of Function:getname_flags Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __ia32_sys_fsconfig ------------- Path:  Function:__ia32_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsconfig(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %122 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 5, i8* %122, align 8 %123 = tail call %struct.filename* @getname_flags(i8* %10, i32 16384, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __x64_sys_fsconfig ------------- Path:  Function:__x64_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsconfig(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %122 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 5, i8* %122, align 8 %123 = tail call %struct.filename* @getname_flags(i8* %10, i32 16384, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __ia32_sys_fsconfig ------------- Path:  Function:__ia32_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %15 = load i64, i64* %14, align 8 %16 = and i64 %15, 4294967295 %17 = tail call fastcc i64 @__se_sys_fsconfig(i64 %4, i64 %7, i64 %10, i64 %13, i64 %16) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %107 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 4, i8* %107, align 8 %108 = tail call %struct.filename* @getname_flags(i8* %10, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_fsconfig 1 __x64_sys_fsconfig ------------- Path:  Function:__x64_sys_fsconfig %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %11 = load i64, i64* %10, align 8 %12 = tail call fastcc i64 @__se_sys_fsconfig(i64 %3, i64 %5, i64 %7, i64 %9, i64 %11) #69 Function:__se_sys_fsconfig %6 = alloca %struct.fs_parameter, align 8 %7 = trunc i64 %0 to i32 %8 = trunc i64 %1 to i32 %9 = inttoptr i64 %2 to i8* %10 = inttoptr i64 %3 to i8* %11 = trunc i64 %4 to i32 %12 = bitcast %struct.fs_parameter* %6 to i8* %13 = icmp slt i32 %7, 0 br i1 %13, label %242, label %14 switch i32 %8, label %242 [ i32 0, label %15 i32 1, label %21 i32 2, label %27 i32 3, label %34 i32 4, label %34 i32 5, label %42 i32 6, label %48 i32 7, label %48 ] %49 = or i64 %3, %2 %50 = icmp ne i64 %49, 0 %51 = icmp ne i32 %11, 0 %52 = or i1 %50, %51 br i1 %52, label %242, label %53 %54 = tail call i64 @__fdget(i32 %7) #69 %55 = and i64 %54, -4 %56 = inttoptr i64 %55 to %struct.file.138748* %57 = icmp eq i64 %55, 0 br i1 %57, label %242, label %58 %59 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 3 %60 = load %struct.file_operations.138735*, %struct.file_operations.138735** %59, align 8 %61 = icmp eq %struct.file_operations.138735* %60, @fscontext_fops br i1 %61, label %62, label %235 %63 = getelementptr inbounds %struct.file.138748, %struct.file.138748* %56, i64 0, i32 16 %64 = bitcast i8** %63 to %struct.fs_context.138693** %65 = load %struct.fs_context.138693*, %struct.fs_context.138693** %64, align 8 %66 = getelementptr inbounds %struct.fs_context.138693, %struct.fs_context.138693* %65, i64 0, i32 0 %67 = load %struct.fs_context_operations.138320*, %struct.fs_context_operations.138320** %66, align 8 %68 = icmp eq %struct.fs_context_operations.138320* %67, bitcast ({ void (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*, %struct.fs_parameter*)*, i32 (%struct.fs_context.143997*, i8*)*, i32 (%struct.fs_context.143997*)*, i32 (%struct.fs_context.143997*)* }* @legacy_fs_context_ops to %struct.fs_context_operations.138320*) %69 = add nsw i32 %8, -2 %70 = icmp ult i32 %69, 4 %71 = and i1 %70, %68 br i1 %71, label %235, label %72 %73 = icmp eq i64 %2, 0 br i1 %73, label %81, label %74 %75 = tail call i8* @strndup_user(i8* nonnull %9, i64 256) #69 %76 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 0 store i8* %75, i8** %76, align 8 %77 = icmp ugt i8* %75, inttoptr (i64 -4096 to i8*) br i1 %77, label %78, label %81 switch i32 %8, label %142 [ i32 0, label %82 i32 1, label %84 i32 2, label %95 i32 3, label %106 i32 4, label %121 i32 5, label %136 ] %107 = getelementptr inbounds %struct.fs_parameter, %struct.fs_parameter* %6, i64 0, i32 1 store i8 4, i8* %107, align 8 %108 = tail call %struct.filename* @getname_flags(i8* %10, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_rename ------------- Path:  Function:__ia32_sys_rename %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call fastcc i32 @do_renameat2(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_rename ------------- Path:  Function:__x64_sys_rename %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call fastcc i32 @do_renameat2(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_renameat ------------- Path:  Function:__ia32_sys_renameat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = trunc i64 %3 to i32 %13 = inttoptr i64 %6 to i8* %14 = trunc i64 %8 to i32 %15 = inttoptr i64 %11 to i8* %16 = tail call fastcc i32 @do_renameat2(i32 %12, i8* %13, i32 %14, i8* %15, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_renameat ------------- Path:  Function:__x64_sys_renameat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = trunc i64 %3 to i32 %13 = trunc i64 %8 to i32 %14 = tail call fastcc i32 @do_renameat2(i32 %12, i8* %6, i32 %13, i8* %11, i32 0) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __ia32_sys_renameat2 ------------- Path:  Function:__ia32_sys_renameat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call fastcc i32 @do_renameat2(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_renameat2 1 __x64_sys_renameat2 ------------- Path:  Function:__x64_sys_renameat2 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call fastcc i32 @do_renameat2(i32 %14, i8* %6, i32 %15, i8* %11, i32 %16) #69 Function:do_renameat2 %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.qstr, align 8 %9 = alloca %struct.qstr, align 8 %10 = alloca i32, align 4 %11 = alloca i32, align 4 %12 = alloca %struct.inode.134289*, align 8 %13 = bitcast %struct.path.134262* %6 to i8* %14 = bitcast %struct.path.134262* %7 to i8* %15 = bitcast %struct.qstr* %8 to i8* %16 = bitcast %struct.qstr* %9 to i8* %17 = bitcast i32* %10 to i8* %18 = bitcast i32* %11 to i8* %19 = bitcast %struct.inode.134289** %12 to i8* store %struct.inode.134289* null, %struct.inode.134289** %12, align 8 %20 = icmp ult i32 %4, 8 br i1 %20, label %21, label %240 %22 = and i32 %4, 5 %23 = icmp eq i32 %22, 0 %24 = and i32 %4, 2 %25 = icmp eq i32 %24, 0 %26 = or i1 %23, %25 br i1 %26, label %27, label %240 %28 = and i32 %4, 4 %29 = icmp eq i32 %28, 0 br i1 %29, label %32, label %30 %33 = shl nuw nsw i32 %24, 10 %34 = xor i32 %33, 2048 %35 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __ia32_sys_link ------------- Path:  Function:__ia32_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i32 @do_linkat(i32 -100, i8* %8, i32 -100, i8* %9, i32 0) #69 Function:do_linkat %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.inode.134289*, align 8 %9 = bitcast %struct.path.134262* %6 to i8* %10 = bitcast %struct.path.134262* %7 to i8* %11 = bitcast %struct.inode.134289** %8 to i8* store %struct.inode.134289* null, %struct.inode.134289** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __x64_sys_link ------------- Path:  Function:__x64_sys_link %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i32 @do_linkat(i32 -100, i8* %4, i32 -100, i8* %7, i32 0) #69 Function:do_linkat %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.inode.134289*, align 8 %9 = bitcast %struct.path.134262* %6 to i8* %10 = bitcast %struct.path.134262* %7 to i8* %11 = bitcast %struct.inode.134289** %8 to i8* store %struct.inode.134289* null, %struct.inode.134289** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __ia32_sys_linkat ------------- Path:  Function:__ia32_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = and i64 %10, 4294967295 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = inttoptr i64 %6 to i8* %16 = trunc i64 %8 to i32 %17 = inttoptr i64 %11 to i8* %18 = trunc i64 %13 to i32 %19 = tail call i32 @do_linkat(i32 %14, i8* %15, i32 %16, i8* %17, i32 %18) #69 Function:do_linkat %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.inode.134289*, align 8 %9 = bitcast %struct.path.134262* %6 to i8* %10 = bitcast %struct.path.134262* %7 to i8* %11 = bitcast %struct.inode.134289** %8 to i8* store %struct.inode.134289* null, %struct.inode.134289** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_linkat 1 __x64_sys_linkat ------------- Path:  Function:__x64_sys_linkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = bitcast i64* %9 to i8** %11 = load i8*, i8** %10, align 8 %12 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %13 = load i64, i64* %12, align 8 %14 = trunc i64 %3 to i32 %15 = trunc i64 %8 to i32 %16 = trunc i64 %13 to i32 %17 = tail call i32 @do_linkat(i32 %14, i8* %6, i32 %15, i8* %11, i32 %16) #69 Function:do_linkat %6 = alloca %struct.path.134262, align 8 %7 = alloca %struct.path.134262, align 8 %8 = alloca %struct.inode.134289*, align 8 %9 = bitcast %struct.path.134262* %6 to i8* %10 = bitcast %struct.path.134262* %7 to i8* %11 = bitcast %struct.inode.134289** %8 to i8* store %struct.inode.134289* null, %struct.inode.134289** %8, align 8 %12 = and i32 %4, -5121 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %128 %15 = and i32 %4, 4096 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call zeroext i1 @capable(i32 2) #69 br i1 %18, label %19, label %128 %20 = phi i32 [ 0, %14 ], [ 16384, %17 ] %21 = lshr i32 %4, 10 %22 = and i32 %21, 1 %23 = or i32 %20, %22 %24 = call %struct.filename* @getname_flags(i8* %1, i32 %23, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __ia32_sys_symlink ------------- Path:  Function:__ia32_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = inttoptr i64 %4 to i8* %9 = inttoptr i64 %7 to i8* %10 = tail call i64 @do_symlinkat(i8* %8, i32 -100, i8* %9) #69 Function:do_symlinkat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __x64_sys_symlink ------------- Path:  Function:__x64_sys_symlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to i8** %7 = load i8*, i8** %6, align 8 %8 = tail call i64 @do_symlinkat(i8* %4, i32 -100, i8* %7) #69 Function:do_symlinkat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __ia32_sys_symlinkat ------------- Path:  Function:__ia32_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = inttoptr i64 %4 to i8* %11 = trunc i64 %6 to i32 %12 = inttoptr i64 %9 to i8* %13 = tail call i64 @do_symlinkat(i8* %10, i32 %11, i8* %12) #69 Function:do_symlinkat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_symlinkat 1 __x64_sys_symlinkat ------------- Path:  Function:__x64_sys_symlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8** %9 = load i8*, i8** %8, align 8 %10 = trunc i64 %6 to i32 %11 = tail call i64 @do_symlinkat(i8* %4, i32 %10, i8* %9) #69 Function:do_symlinkat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %0, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_unlink ------------- Path:  Function:__ia32_sys_unlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %5, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_unlink ------------- Path:  Function:__x64_sys_unlink %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call %struct.filename* @getname_flags(i8* %4, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_unlinkat ------------- Path:  Function:__ia32_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = and i32 %11, -513 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %22 %15 = and i32 %11, 512 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %20 = tail call %struct.filename* @getname_flags(i8* %10, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_unlinkat ------------- Path:  Function:__x64_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = and i32 %10, -513 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %21 %14 = and i32 %10, 512 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %19 = tail call %struct.filename* @getname_flags(i8* %6, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __ia32_sys_unlinkat ------------- Path:  Function:__ia32_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i32 %12 = and i32 %11, -513 %13 = icmp eq i32 %12, 0 br i1 %13, label %14, label %22 %15 = and i32 %11, 512 %16 = icmp eq i32 %15, 0 br i1 %16, label %19, label %17 %18 = tail call i64 @do_rmdir(i32 %9, i8* %10) #69 Function:do_rmdir %3 = alloca %struct.path.134262, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.134262* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __x64_sys_unlinkat ------------- Path:  Function:__x64_sys_unlinkat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i32 %11 = and i32 %10, -513 %12 = icmp eq i32 %11, 0 br i1 %12, label %13, label %21 %14 = and i32 %10, 512 %15 = icmp eq i32 %14, 0 br i1 %15, label %18, label %16 %17 = tail call i64 @do_rmdir(i32 %9, i8* %6) #69 Function:do_rmdir %3 = alloca %struct.path.134262, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.134262* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __ia32_sys_rmdir ------------- Path:  Function:__ia32_sys_rmdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = inttoptr i64 %4 to i8* %6 = tail call i64 @do_rmdir(i32 -100, i8* %5) #69 Function:do_rmdir %3 = alloca %struct.path.134262, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.134262* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_rmdir 1 __x64_sys_rmdir ------------- Path:  Function:__x64_sys_rmdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = tail call i64 @do_rmdir(i32 -100, i8* %4) #69 Function:do_rmdir %3 = alloca %struct.path.134262, align 8 %4 = alloca %struct.qstr, align 8 %5 = alloca i32, align 4 %6 = bitcast %struct.path.134262* %3 to i8* %7 = bitcast %struct.qstr* %4 to i8* %8 = bitcast i32* %5 to i8* %9 = call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __ia32_sys_mkdir ------------- Path:  Function:__ia32_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = inttoptr i64 %4 to i8* %8 = trunc i64 %6 to i16 %9 = tail call i64 @do_mkdirat(i32 -100, i8* %7, i16 zeroext %8) #69 Function:do_mkdirat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __x64_sys_mkdir ------------- Path:  Function:__x64_sys_mkdir %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %6 to i16 %8 = tail call i64 @do_mkdirat(i32 -100, i8* %4, i16 zeroext %7) #69 Function:do_mkdirat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __ia32_sys_mkdirat ------------- Path:  Function:__ia32_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = inttoptr i64 %6 to i8* %11 = trunc i64 %8 to i16 %12 = tail call i64 @do_mkdirat(i32 %9, i8* %10, i16 zeroext %11) #69 Function:do_mkdirat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mkdirat 1 __x64_sys_mkdirat ------------- Path:  Function:__x64_sys_mkdirat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %3 to i32 %10 = trunc i64 %8 to i16 %11 = tail call i64 @do_mkdirat(i32 %9, i8* %6, i16 zeroext %10) #69 Function:do_mkdirat %4 = alloca %struct.path.134262, align 8 %5 = bitcast %struct.path.134262* %4 to i8* %6 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __ia32_sys_mknod ------------- Path:  Function:__ia32_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = inttoptr i64 %4 to i8* %10 = trunc i64 %6 to i16 %11 = trunc i64 %8 to i32 %12 = tail call i64 @do_mknodat(i32 -100, i8* %9, i16 zeroext %10, i32 %11) #69 Function:do_mknodat %5 = alloca %struct.path.134262, align 8 %6 = bitcast %struct.path.134262* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __x64_sys_mknod ------------- Path:  Function:__x64_sys_mknod %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = bitcast i64* %2 to i8** %4 = load i8*, i8** %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = load i64, i64* %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = trunc i64 %6 to i16 %10 = trunc i64 %8 to i32 %11 = tail call i64 @do_mknodat(i32 -100, i8* %4, i16 zeroext %9, i32 %10) #69 Function:do_mknodat %5 = alloca %struct.path.134262, align 8 %6 = bitcast %struct.path.134262* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __ia32_sys_mknodat ------------- Path:  Function:__ia32_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = inttoptr i64 %6 to i8* %13 = trunc i64 %8 to i16 %14 = trunc i64 %10 to i32 %15 = tail call i64 @do_mknodat(i32 %11, i8* %12, i16 zeroext %13, i32 %14) #69 Function:do_mknodat %5 = alloca %struct.path.134262, align 8 %6 = bitcast %struct.path.134262* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_mknodat 1 __x64_sys_mknodat ------------- Path:  Function:__x64_sys_mknodat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %10 = load i64, i64* %9, align 8 %11 = trunc i64 %3 to i32 %12 = trunc i64 %8 to i16 %13 = trunc i64 %10 to i32 %14 = tail call i64 @do_mknodat(i32 %11, i8* %6, i16 zeroext %12, i32 %13) #69 Function:do_mknodat %5 = alloca %struct.path.134262, align 8 %6 = bitcast %struct.path.134262* %5 to i8* %7 = lshr i16 %2, 12 %8 = zext i16 %7 to i32 switch i32 %8, label %9 [ i32 8, label %10 i32 2, label %10 i32 6, label %10 i32 1, label %10 i32 12, label %10 i32 0, label %10 i32 4, label %74 ] %11 = tail call %struct.filename* @getname_flags(i8* %1, i32 0, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_execveat ------------- Path:  Function:__x64_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = bitcast i64* %4 to i8** %6 = load i8*, i8** %5, align 8 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = bitcast i64* %7 to i8*** %9 = load i8**, i8*** %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = bitcast i64* %10 to i8*** %12 = load i8**, i8*** %11, align 8 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 9 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = trunc i64 %14 to i32 %17 = shl i32 %16, 2 %18 = and i32 %17, 16384 %19 = tail call %struct.filename* @getname_flags(i8* %6, i32 %18, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_execveat ------------- Path:  Function:__ia32_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = inttoptr i64 %9 to i8** %18 = inttoptr i64 %12 to i8** %19 = trunc i64 %14 to i32 %20 = shl i32 %19, 2 %21 = and i32 %20, 16384 %22 = tail call %struct.filename* @getname_flags(i8* %16, i32 %21, i32* null) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_compat_sys_execveat ------------- Path:  Function:__ia32_compat_sys_execveat %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = and i64 %5, 4294967295 %7 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %8 = load i64, i64* %7, align 8 %9 = and i64 %8, 4294967295 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %11 = load i64, i64* %10, align 8 %12 = and i64 %11, 4294967295 %13 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %14 = load i64, i64* %13, align 8 %15 = trunc i64 %3 to i32 %16 = inttoptr i64 %6 to i8* %17 = trunc i64 %14 to i32 %18 = shl i32 %17, 2 %19 = and i32 %18, 16384 %20 = tail call %struct.filename* @getname_flags(i8* %16, i32 %19, i32* null) #69 ------------- Good: 20 Bad: 37 Ignored: 5 Check Use of Function:vfs_unlink Check Use of Function:cgroup_leave_frozen Check Use of Function:vfs_rmdir Check Use of Function:inet6_addr_del Check Use of Function:blkdev_write_iter Check Use of Function:audit_log_link_denied Check Use of Function:sd_pr_release Check Use of Function:__dquot_alloc_space Check Use of Function:vfs_link Check Use of Function:tty_ldisc_reinit Check Use of Function:filename_create Check Use of Function:sd_pr_reserve Check Use of Function:__dquot_free_space Check Use of Function:vfs_mkdir Check Use of Function:sd_pr_clear Check Use of Function:vfs_create Check Use of Function:finish_open Check Use of Function:shmem_unlock_mapping Check Use of Function:security_sb_kern_mount Check Use of Function:vfs_tmpfile Check Use of Function:proc_tgid_net_lookup Check Use of Function:put_old_itimerspec32 Use: =BAD PATH= Call Stack: 0 __ia32_sys_timerfd_gettime32 ------------- Path:  Function:__ia32_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = trunc i64 %4 to i32 %8 = bitcast %struct.itimerspec64* %2 to i8* %9 = call fastcc i32 @do_timerfd_gettime(i32 %7, %struct.itimerspec64* nonnull %2) #69 %10 = icmp eq i32 %9, 0 br i1 %10, label %13, label %11 %14 = and i64 %6, 4294967295 %15 = inttoptr i64 %14 to %struct.old_itimerspec32* %16 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %15) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timerfd_gettime32 ------------- Path:  Function:__x64_sys_timerfd_gettime32 %2 = alloca %struct.itimerspec64, align 8 %3 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %4 = load i64, i64* %3, align 8 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %6 = bitcast i64* %5 to %struct.old_itimerspec32** %7 = load %struct.old_itimerspec32*, %struct.old_itimerspec32** %6, align 8 %8 = trunc i64 %4 to i32 %9 = bitcast %struct.itimerspec64* %2 to i8* %10 = call fastcc i32 @do_timerfd_gettime(i32 %8, %struct.itimerspec64* nonnull %2) #69 %11 = icmp eq i32 %10, 0 br i1 %11, label %14, label %12 %15 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* %7) #69 ------------- Use: =BAD PATH= Call Stack: 0 __ia32_sys_timer_settime32 ------------- Path:  Function:__ia32_sys_timer_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = and i64 %9, 4294967295 %11 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %12 = load i64, i64* %11, align 8 %13 = and i64 %12, 4294967295 %14 = trunc i64 %5 to i32 %15 = trunc i64 %7 to i32 %16 = inttoptr i64 %13 to %struct.old_itimerspec32* %17 = bitcast %struct.itimerspec64* %2 to i8* %18 = bitcast %struct.itimerspec64* %3 to i8* %19 = icmp ne i64 %13, 0 %20 = select i1 %19, %struct.itimerspec64* %3, %struct.itimerspec64* null %21 = icmp eq i64 %10, 0 br i1 %21, label %37, label %22 %23 = inttoptr i64 %10 to %struct.old_itimerspec32* %24 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* nonnull %23) #69 %25 = icmp eq i32 %24, 0 br i1 %25, label %26, label %37 %27 = call fastcc i32 @do_timer_settime(i32 %14, i32 %15, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* %20) #69 %28 = icmp eq i32 %27, 0 %29 = and i1 %19, %28 br i1 %29, label %30, label %34 %31 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %3, %struct.old_itimerspec32* nonnull %16) #69 ------------- Use: =BAD PATH= Call Stack: 0 __x64_sys_timer_settime32 ------------- Path:  Function:__x64_sys_timer_settime32 %2 = alloca %struct.itimerspec64, align 8 %3 = alloca %struct.itimerspec64, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %7 = load i64, i64* %6, align 8 %8 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %9 = load i64, i64* %8, align 8 %10 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 7 %11 = load i64, i64* %10, align 8 %12 = trunc i64 %5 to i32 %13 = trunc i64 %7 to i32 %14 = inttoptr i64 %11 to %struct.old_itimerspec32* %15 = bitcast %struct.itimerspec64* %2 to i8* %16 = bitcast %struct.itimerspec64* %3 to i8* %17 = icmp ne i64 %11, 0 %18 = select i1 %17, %struct.itimerspec64* %3, %struct.itimerspec64* null %19 = icmp eq i64 %9, 0 br i1 %19, label %35, label %20 %21 = inttoptr i64 %9 to %struct.old_itimerspec32* %22 = call i32 @get_old_itimerspec32(%struct.itimerspec64* nonnull %2, %struct.old_itimerspec32* nonnull %21) #69 %23 = icmp eq i32 %22, 0 br i1 %23, label %24, label %35 %25 = call fastcc i32 @do_timer_settime(i32 %12, i32 %13, %struct.itimerspec64* nonnull %2, %struct.itimerspec64* %18) #69 %26 = icmp eq i32 %25, 0 %27 = and i1 %17, %26 br i1 %27, label %28, label %32 %29 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %3, %struct.old_itimerspec32* nonnull %14) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_timer_gettime32 1 __ia32_sys_timer_gettime32 ------------- Path:  Function:__ia32_sys_timer_gettime32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = and i64 %3, 4294967295 %5 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %6 = load i64, i64* %5, align 8 %7 = and i64 %6, 4294967295 %8 = tail call fastcc i64 @__se_sys_timer_gettime32(i64 %4, i64 %7) #69 Function:__se_sys_timer_gettime32 %3 = alloca %struct.itimerspec64, align 8 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to %struct.old_itimerspec32* %6 = bitcast %struct.itimerspec64* %3 to i8* %7 = icmp slt i32 %4, 0 br i1 %7, label %72, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !5 %10 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 87 %11 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %10, align 8 %12 = ptrtoint %struct.signal_struct.43021* %11 to i64 %13 = lshr i64 %12, 32 %14 = xor i64 %12, %0 %15 = xor i64 %14, %13 %16 = mul i64 %15, 1640531527 %17 = lshr i64 %16, 23 %18 = and i64 %17, 511 %19 = getelementptr [512 x %struct.hlist_head], [512 x %struct.hlist_head]* @posix_timers_hashtable, i64 0, i64 %18 %20 = bitcast %struct.hlist_head* %19 to i64* %21 = load volatile i64, i64* %20, align 8 %22 = inttoptr i64 %21 to %struct.hlist_node* %23 = icmp eq i64 %21, 0 %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -1 %25 = icmp eq %struct.hlist_node* %24, null %26 = or i1 %23, %25 br i1 %26, label %58, label %27 %28 = bitcast %struct.hlist_node* %24 to %struct.k_itimer.80847* br label %29 %30 = phi %struct.k_itimer.80847* [ %46, %38 ], [ %28, %27 ] %31 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 12 %32 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %31, align 8 %33 = icmp eq %struct.signal_struct.43021* %32, %11 br i1 %33, label %34, label %38 %35 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 5 %36 = load i32, i32* %35, align 4 %37 = icmp eq i32 %36, %4 br i1 %37, label %48, label %38 %49 = icmp eq %struct.k_itimer.80847* %30, null br i1 %49, label %58, label %50 %51 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 12 %52 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 2, i32 0, i32 0 %53 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %52) #69 %54 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %51, align 8 %55 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %10, align 8 %56 = icmp eq %struct.signal_struct.43021* %54, %55 br i1 %56, label %59, label %57 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %60 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 3 %61 = load %struct.k_clock.80849*, %struct.k_clock.80849** %60, align 8 %62 = icmp eq %struct.k_clock.80849* %61, null br i1 %62, label %67, label %63, !prof !7 %64 = getelementptr inbounds %struct.k_clock.80849, %struct.k_clock.80849* %61, i64 0, i32 8 %65 = load void (%struct.k_itimer.80847*, %struct.itimerspec64*)*, void (%struct.k_itimer.80847*, %struct.itimerspec64*)** %64, align 8 %66 = icmp eq void (%struct.k_itimer.80847*, %struct.itimerspec64*)* %65, null br i1 %66, label %67, label %68, !prof !7, !misexpect !8 call void %65(%struct.k_itimer.80847* nonnull %30, %struct.itimerspec64* nonnull %3) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %52, i64 %53) #69 %69 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %3, %struct.old_itimerspec32* %5) #69 ------------- Use: =BAD PATH= Call Stack: 0 __se_sys_timer_gettime32 1 __x64_sys_timer_gettime32 ------------- Path:  Function:__x64_sys_timer_gettime32 %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = tail call fastcc i64 @__se_sys_timer_gettime32(i64 %3, i64 %5) #69 Function:__se_sys_timer_gettime32 %3 = alloca %struct.itimerspec64, align 8 %4 = trunc i64 %0 to i32 %5 = inttoptr i64 %1 to %struct.old_itimerspec32* %6 = bitcast %struct.itimerspec64* %3 to i8* %7 = icmp slt i32 %4, 0 br i1 %7, label %72, label %8 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !4 %9 = tail call %struct.task_struct.43108* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.43108** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.43108**)) #10, !srcloc !5 %10 = getelementptr inbounds %struct.task_struct.43108, %struct.task_struct.43108* %9, i64 0, i32 87 %11 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %10, align 8 %12 = ptrtoint %struct.signal_struct.43021* %11 to i64 %13 = lshr i64 %12, 32 %14 = xor i64 %12, %0 %15 = xor i64 %14, %13 %16 = mul i64 %15, 1640531527 %17 = lshr i64 %16, 23 %18 = and i64 %17, 511 %19 = getelementptr [512 x %struct.hlist_head], [512 x %struct.hlist_head]* @posix_timers_hashtable, i64 0, i64 %18 %20 = bitcast %struct.hlist_head* %19 to i64* %21 = load volatile i64, i64* %20, align 8 %22 = inttoptr i64 %21 to %struct.hlist_node* %23 = icmp eq i64 %21, 0 %24 = getelementptr %struct.hlist_node, %struct.hlist_node* %22, i64 -1 %25 = icmp eq %struct.hlist_node* %24, null %26 = or i1 %23, %25 br i1 %26, label %58, label %27 %28 = bitcast %struct.hlist_node* %24 to %struct.k_itimer.80847* br label %29 %30 = phi %struct.k_itimer.80847* [ %46, %38 ], [ %28, %27 ] %31 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 12 %32 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %31, align 8 %33 = icmp eq %struct.signal_struct.43021* %32, %11 br i1 %33, label %34, label %38 %35 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 5 %36 = load i32, i32* %35, align 4 %37 = icmp eq i32 %36, %4 br i1 %37, label %48, label %38 %49 = icmp eq %struct.k_itimer.80847* %30, null br i1 %49, label %58, label %50 %51 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 12 %52 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 2, i32 0, i32 0 %53 = tail call i64 @_raw_spin_lock_irqsave(%struct.raw_spinlock* %52) #69 %54 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %51, align 8 %55 = load %struct.signal_struct.43021*, %struct.signal_struct.43021** %10, align 8 %56 = icmp eq %struct.signal_struct.43021* %54, %55 br i1 %56, label %59, label %57 tail call void asm sideeffect "", "~{memory},~{dirflag},~{fpsr},~{flags}"() #6, !srcloc !6 %60 = getelementptr inbounds %struct.k_itimer.80847, %struct.k_itimer.80847* %30, i64 0, i32 3 %61 = load %struct.k_clock.80849*, %struct.k_clock.80849** %60, align 8 %62 = icmp eq %struct.k_clock.80849* %61, null br i1 %62, label %67, label %63, !prof !7 %64 = getelementptr inbounds %struct.k_clock.80849, %struct.k_clock.80849* %61, i64 0, i32 8 %65 = load void (%struct.k_itimer.80847*, %struct.itimerspec64*)*, void (%struct.k_itimer.80847*, %struct.itimerspec64*)** %64, align 8 %66 = icmp eq void (%struct.k_itimer.80847*, %struct.itimerspec64*)* %65, null br i1 %66, label %67, label %68, !prof !7, !misexpect !8 call void %65(%struct.k_itimer.80847* nonnull %30, %struct.itimerspec64* nonnull %3) #69 call void @_raw_spin_unlock_irqrestore(%struct.raw_spinlock* %52, i64 %53) #69 %69 = call i32 @put_old_itimerspec32(%struct.itimerspec64* nonnull %3, %struct.old_itimerspec32* %5) #69 ------------- Good: 2 Bad: 6 Ignored: 0 Check Use of Function:destroy_local_trace_uprobe Check Use of Function:enable_swap_slots_cache Check Use of Function:sock_release Check Use of Function:mq_walk Check Use of Function:kthread_stop Check Use of Function:percpu_ref_init Check Use of Function:dquot_add_space Check Use of Function:user_path_mountpoint_at Check Use of Function:vfs_create_mount Check Use of Function:dev_set_alias Check Use of Function:shrink_dcache_parent Check Use of Function:sr_tray_move Check Use of Function:shmem_xattr_handler_get Check Use of Function:udp_v6_rehash Check Use of Function:ext4_xattr_user_get Check Use of Function:try_to_unuse Check Use of Function:security_inode_getsecurity Check Use of Function:filemap_write_and_wait Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_file_flush ------------- Path:  Function:nfs4_file_flush %3 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %0, i64 0, i32 2 %4 = load %struct.inode.195275*, %struct.inode.195275** %3, align 8 %5 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %4, i64 0, i32 8 %6 = load %struct.super_block.195272*, %struct.super_block.195272** %5, align 8 %7 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %6, i64 0, i32 28 %8 = bitcast i8** %7 to %struct.nfs_server.195427** %9 = load %struct.nfs_server.195427*, %struct.nfs_server.195427** %8, align 32 %10 = getelementptr inbounds %struct.nfs_server.195427, %struct.nfs_server.195427* %9, i64 0, i32 6 %11 = load %struct.nfs_iostats*, %struct.nfs_iostats** %10, align 8 %12 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %11, i64 0, i32 1, i64 14 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %12, i64* %12) #6, !srcloc !4 %13 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %0, i64 0, i32 8 %14 = load i32, i32* %13, align 4 %15 = and i32 %14, 2 %16 = icmp eq i32 %15, 0 br i1 %16, label %30, label %17 %18 = tail call zeroext i1 bitcast (i1 (%struct.inode.220272*)* @nfs4_delegation_flush_on_close to i1 (%struct.inode.195275*)*)(%struct.inode.195275* %4) #69 %19 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %0, i64 0, i32 19 %20 = load %struct.address_space.195241*, %struct.address_space.195241** %19, align 8 br i1 %18, label %23, label %21 %24 = getelementptr inbounds %struct.address_space.195241, %struct.address_space.195241* %20, i64 0, i32 11 %25 = tail call i32 @errseq_sample(i32* %24) #69 %26 = tail call i32 @nfs_wb_all(%struct.inode.195275* %4) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_lock ------------- Path:  Function:nfs_lock %4 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %0, i64 0, i32 19 %5 = load %struct.address_space.195588*, %struct.address_space.195588** %4, align 8 %6 = getelementptr inbounds %struct.address_space.195588, %struct.address_space.195588* %5, i64 0, i32 0 %7 = load %struct.inode.196077*, %struct.inode.196077** %6, align 8 %8 = getelementptr inbounds %struct.inode.196077, %struct.inode.196077* %7, i64 0, i32 8 %9 = load %struct.super_block.196065*, %struct.super_block.196065** %8, align 8 %10 = getelementptr inbounds %struct.super_block.196065, %struct.super_block.196065* %9, i64 0, i32 28 %11 = bitcast i8** %10 to %struct.nfs_server.196215** %12 = load %struct.nfs_server.196215*, %struct.nfs_server.196215** %11, align 32 %13 = getelementptr inbounds %struct.nfs_server.196215, %struct.nfs_server.196215* %12, i64 0, i32 6 %14 = load %struct.nfs_iostats*, %struct.nfs_iostats** %13, align 8 %15 = getelementptr %struct.nfs_iostats, %struct.nfs_iostats* %14, i64 0, i32 1, i64 16 tail call void asm sideeffect "incq %gs:$0", "=*m,*m,~{dirflag},~{fpsr},~{flags}"(i64* %15, i64* %15) #6, !srcloc !4 %16 = getelementptr inbounds %struct.inode.196077, %struct.inode.196077* %7, i64 0, i32 0 %17 = load i16, i16* %16, align 8 %18 = and i16 %17, 1032 %19 = icmp eq i16 %18, 1024 br i1 %19, label %20, label %24 %25 = load %struct.super_block.196065*, %struct.super_block.196065** %8, align 8 %26 = getelementptr inbounds %struct.super_block.196065, %struct.super_block.196065* %25, i64 0, i32 28 %27 = bitcast i8** %26 to %struct.nfs_server.196215** %28 = load %struct.nfs_server.196215*, %struct.nfs_server.196215** %27, align 32 %29 = getelementptr inbounds %struct.nfs_server.196215, %struct.nfs_server.196215* %28, i64 0, i32 8 %30 = load i32, i32* %29, align 8 %31 = lshr i32 %30, 21 %32 = and i32 %31, 1 %33 = getelementptr inbounds %struct.nfs_server.196215, %struct.nfs_server.196215* %28, i64 0, i32 0 %34 = load %struct.nfs_client.196210*, %struct.nfs_client.196210** %33, align 8 %35 = getelementptr inbounds %struct.nfs_client.196210, %struct.nfs_client.196210* %34, i64 0, i32 12 %36 = load %struct.nfs_rpc_ops.196193*, %struct.nfs_rpc_ops.196193** %35, align 8 %37 = getelementptr inbounds %struct.nfs_rpc_ops.196193, %struct.nfs_rpc_ops.196193* %36, i64 0, i32 43 %38 = load i32 (%struct.file_lock.196073*)*, i32 (%struct.file_lock.196073*)** %37, align 8 %39 = icmp eq i32 (%struct.file_lock.196073*)* %38, null br i1 %39, label %43, label %40 %44 = icmp eq i32 %1, 5 br i1 %44, label %45, label %82 %83 = getelementptr inbounds %struct.file_lock.196073, %struct.file_lock.196073* %2, i64 0, i32 7 %84 = load i8, i8* %83, align 4 %85 = icmp eq i8 %84, 2 br i1 %85, label %86, label %88 %87 = tail call fastcc i32 @do_unlk(%struct.file.196086* %0, i32 %1, %struct.file_lock.196073* %2, i32 %32) #70 Function:do_unlk %5 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %0, i64 0, i32 19 %6 = load %struct.address_space.195588*, %struct.address_space.195588** %5, align 8 %7 = getelementptr inbounds %struct.address_space.195588, %struct.address_space.195588* %6, i64 0, i32 0 %8 = load %struct.inode.196077*, %struct.inode.196077** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.196077*)*)(%struct.inode.196077* %8) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 do_unlk 2 nfs_flock ------------- Path:  Function:nfs_flock %4 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %0, i64 0, i32 19 %5 = load %struct.address_space.195588*, %struct.address_space.195588** %4, align 8 %6 = getelementptr inbounds %struct.address_space.195588, %struct.address_space.195588* %5, i64 0, i32 0 %7 = load %struct.inode.196077*, %struct.inode.196077** %6, align 8 %8 = getelementptr inbounds %struct.file_lock.196073, %struct.file_lock.196073* %2, i64 0, i32 6 %9 = load i32, i32* %8, align 8 %10 = and i32 %9, 2 %11 = icmp eq i32 %10, 0 br i1 %11, label %32, label %12 %13 = getelementptr inbounds %struct.file_lock.196073, %struct.file_lock.196073* %2, i64 0, i32 7 %14 = load i8, i8* %13, align 4 %15 = and i8 %14, 32 %16 = icmp eq i8 %15, 0 br i1 %16, label %17, label %32 %18 = getelementptr inbounds %struct.inode.196077, %struct.inode.196077* %7, i64 0, i32 8 %19 = load %struct.super_block.196065*, %struct.super_block.196065** %18, align 8 %20 = getelementptr inbounds %struct.super_block.196065, %struct.super_block.196065* %19, i64 0, i32 28 %21 = bitcast i8** %20 to %struct.nfs_server.196215** %22 = load %struct.nfs_server.196215*, %struct.nfs_server.196215** %21, align 32 %23 = getelementptr inbounds %struct.nfs_server.196215, %struct.nfs_server.196215* %22, i64 0, i32 8 %24 = load i32, i32* %23, align 8 %25 = lshr i32 %24, 20 %26 = and i32 %25, 1 %27 = icmp eq i8 %14, 2 br i1 %27, label %28, label %30 %29 = tail call fastcc i32 @do_unlk(%struct.file.196086* %0, i32 %1, %struct.file_lock.196073* %2, i32 %26) #69 Function:do_unlk %5 = getelementptr inbounds %struct.file.196086, %struct.file.196086* %0, i64 0, i32 19 %6 = load %struct.address_space.195588*, %struct.address_space.195588** %5, align 8 %7 = getelementptr inbounds %struct.address_space.195588, %struct.address_space.195588* %6, i64 0, i32 0 %8 = load %struct.inode.196077*, %struct.inode.196077** %7, align 8 %9 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.196077*)*)(%struct.inode.196077* %8) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_make_writeable 2 _nfs4_do_setattr 3 nfs4_do_setattr 4 nfs4_proc_setattr ------------- Path:  Function:nfs4_proc_setattr %4 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %0, i64 0, i32 5 %5 = load %struct.inode.195275*, %struct.inode.195275** %4, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %1) #69 %6 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %2, i64 0, i32 0 %7 = load i32, i32* %6, align 8 %8 = trunc i32 %7 to i16 %9 = icmp sgt i16 %8, -1 br i1 %9, label %12, label %10 %13 = phi i32 [ %7, %3 ], [ %11, %10 ] %14 = and i32 %13, -40961 %15 = icmp eq i32 %14, 0 br i1 %15, label %40, label %16 %17 = and i32 %13, 8192 %18 = icmp eq i32 %17, 0 br i1 %18, label %29, label %19 %20 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %2, i64 0, i32 8 %21 = load %struct.file.195283*, %struct.file.195283** %20, align 8 %22 = getelementptr inbounds %struct.file.195283, %struct.file.195283* %21, i64 0, i32 16 %23 = bitcast i8** %22 to %struct.nfs_open_context.215562** %24 = load %struct.nfs_open_context.215562*, %struct.nfs_open_context.215562** %23, align 8 %25 = icmp eq %struct.nfs_open_context.215562* %24, null br i1 %25, label %29, label %26 %27 = getelementptr inbounds %struct.nfs_open_context.215562, %struct.nfs_open_context.215562* %24, i64 0, i32 3 %28 = load %struct.cred*, %struct.cred** %27, align 8 br label %29 %30 = phi %struct.cred* [ %28, %26 ], [ null, %19 ], [ null, %16 ] %31 = phi %struct.nfs_open_context.215562* [ %24, %26 ], [ null, %19 ], [ null, %16 ] %32 = and i32 %13, 7 %33 = icmp eq i32 %32, 0 br i1 %33, label %36, label %34 %37 = tail call fastcc i32 @nfs4_do_setattr(%struct.inode.195275* %5, %struct.cred* %30, %struct.nfs_fattr* %1, %struct.iattr.194676* %2, %struct.nfs_open_context.215562* %31, %struct.nfs4_label* null) #70 Function:nfs4_do_setattr %7 = alloca [3 x i32], align 4 %8 = alloca %struct.nfs_setattrargs, align 8 %9 = alloca %struct.nfs_setattrres, align 8 %10 = alloca %struct.nfs4_exception, align 8 %11 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %12 = load %struct.super_block.195272*, %struct.super_block.195272** %11, align 8 %13 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %12, i64 0, i32 28 %14 = bitcast i8** %13 to %struct.nfs_server.215528** %15 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %14, align 32 %16 = bitcast [3 x i32]* %7 to i8* %17 = icmp eq %struct.nfs_open_context.215562* %4, null br i1 %17, label %21, label %18 %22 = phi %struct.nfs4_state.215561* [ %20, %18 ], [ null, %6 ] %23 = bitcast %struct.nfs_setattrargs* %8 to i8* %24 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 1 %25 = getelementptr %struct.inode.195275, %struct.inode.195275* %0, i64 -1, i32 15, i32 1 %26 = getelementptr inbounds i64, i64* %25, i64 1 %27 = bitcast %struct.nfs_fh** %24 to i64** store i64* %26, i64** %27, align 8 %28 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 2 %29 = bitcast %struct.nfs4_stateid_struct* %28 to i8* %30 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 3 store %struct.iattr.194676* %3, %struct.iattr.194676** %30, align 8 %31 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 4 store %struct.nfs_server.215528* %15, %struct.nfs_server.215528** %31, align 8 %32 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 5 %33 = getelementptr inbounds [3 x i32], [3 x i32]* %7, i64 0, i64 0 store i32* %33, i32** %32, align 8 %34 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %8, i64 0, i32 6 store %struct.nfs4_label* %5, %struct.nfs4_label** %34, align 8 %35 = bitcast %struct.nfs_setattrres* %9 to i8* %36 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 1 store %struct.nfs_fattr* %2, %struct.nfs_fattr** %36, align 8 %37 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 2 store %struct.nfs4_label* null, %struct.nfs4_label** %37, align 8 %38 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %9, i64 0, i32 3 store %struct.nfs_server.215528* %15, %struct.nfs_server.215528** %38, align 8 %39 = bitcast %struct.nfs4_exception* %10 to i8* %40 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 0 store %struct.nfs4_state.215561* %22, %struct.nfs4_state.215561** %40, align 8 %41 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 1 store %struct.inode.195275* %0, %struct.inode.195275** %41, align 8 %42 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 2 store %struct.nfs4_stateid_struct* %28, %struct.nfs4_stateid_struct** %42, align 8 %43 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 3 store i64 0, i64* %43, align 8 %44 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 4 store i8 0, i8* %44, align 8 %45 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %10, i64 0, i32 5 store i8 0, i8* %45, align 1 %46 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %15, i64 0, i32 33, i64 0 %47 = bitcast i32* %46 to i8* %48 = icmp eq %struct.inode.195275* %0, null %49 = getelementptr inbounds i64, i64* %25, i64 19 %50 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %3, i64 0, i32 0 %51 = getelementptr inbounds %struct.nfs_server.215528, %struct.nfs_server.215528* %15, i64 0, i32 0 %52 = icmp eq %struct.nfs4_state.215561* %22, null %53 = getelementptr inbounds %struct.nfs4_state.215561, %struct.nfs4_state.215561* %22, i64 0, i32 13 br label %54 br i1 %48, label %74, label %55 %75 = call fastcc i32 @_nfs4_do_setattr(%struct.inode.195275* %0, %struct.nfs_setattrargs* nonnull %8, %struct.nfs_setattrres* nonnull %9, %struct.cred* %1, %struct.nfs_open_context.215562* %4) #70 Function:_nfs4_do_setattr %6 = alloca %struct.nfs4_call_sync_data, align 8 %7 = alloca %struct.rpc_task_setup.196956, align 8 %8 = alloca %struct.rpc_message.196909, align 8 %9 = alloca %struct.cred*, align 8 %10 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 8 %11 = load %struct.super_block.195272*, %struct.super_block.195272** %10, align 8 %12 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %11, i64 0, i32 28 %13 = bitcast i8** %12 to %struct.nfs_server.215528** %14 = load %struct.nfs_server.215528*, %struct.nfs_server.215528** %13, align 32 %15 = bitcast %struct.rpc_message.196909* %8 to i8* %16 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 0 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 9), %struct.rpc_procinfo.196908** %16, align 8 %17 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 1 %18 = bitcast i8** %17 to %struct.nfs_setattrargs** store %struct.nfs_setattrargs* %1, %struct.nfs_setattrargs** %18, align 8 %19 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 2 %20 = bitcast i8** %19 to %struct.nfs_setattrres** store %struct.nfs_setattrres* %2, %struct.nfs_setattrres** %20, align 8 %21 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %8, i64 0, i32 3 store %struct.cred* %3, %struct.cred** %21, align 8 %22 = bitcast %struct.cred** %9 to i8* store %struct.cred* null, %struct.cred** %9, align 8 %23 = load volatile i64, i64* @jiffies, align 64 %24 = getelementptr inbounds %struct.nfs_setattrres, %struct.nfs_setattrres* %2, i64 0, i32 1 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = getelementptr inbounds %struct.nfs_setattrargs, %struct.nfs_setattrargs* %1, i64 0, i32 3 %27 = load %struct.iattr.194676*, %struct.iattr.194676** %26, align 8 %28 = getelementptr inbounds %struct.iattr.194676, %struct.iattr.194676* %27, i64 0, i32 0 %29 = load i32, i32* %28, align 8 %30 = and i32 %29, 8 %31 = icmp eq i32 %30, 0 br i1 %31, label %32, label %34 %33 = tail call i32 bitcast (i32 (%struct.inode.220272*)* @nfs4_inode_make_writeable to i32 (%struct.inode.195275*)*)(%struct.inode.195275* %0) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %3 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.220272*)*)(%struct.inode.220272* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_make_writeable 2 nfs4_proc_rename_setup ------------- Path:  Function:nfs4_proc_rename_setup %4 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_renameargs.215550** %6 = load %struct.nfs_renameargs.215550*, %struct.nfs_renameargs.215550** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_renameres.215551** %9 = load %struct.nfs_renameres.215551*, %struct.nfs_renameres.215551** %8, align 8 %10 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %11 = load %struct.inode.195275*, %struct.inode.195275** %10, align 8 %12 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %2, i64 0, i32 5 %13 = load %struct.inode.195275*, %struct.inode.195275** %12, align 8 %14 = icmp eq %struct.inode.195275* %11, null br i1 %14, label %17, label %15 %16 = tail call i32 bitcast (i32 (%struct.inode.220272*)* @nfs4_inode_make_writeable to i32 (%struct.inode.195275*)*)(%struct.inode.195275* nonnull %11) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %3 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.220272*)*)(%struct.inode.220272* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_make_writeable 2 nfs4_proc_remove ------------- Path:  Function:nfs4_proc_remove %3 = alloca %struct.nfs4_exception, align 8 %4 = bitcast %struct.nfs4_exception* %3 to i8* %5 = getelementptr inbounds %struct.nfs4_exception, %struct.nfs4_exception* %3, i64 0, i32 5 store i8 1, i8* %5, align 1 %6 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 5 %7 = load %struct.inode.195275*, %struct.inode.195275** %6, align 8 %8 = icmp eq %struct.inode.195275* %7, null br i1 %8, label %17, label %9 %10 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %7, i64 0, i32 12, i32 0 %11 = load i32, i32* %10, align 8 %12 = icmp eq i32 %11, 1 br i1 %12, label %13, label %15 %16 = tail call i32 bitcast (i32 (%struct.inode.220272*)* @nfs4_inode_make_writeable to i32 (%struct.inode.195275*)*)(%struct.inode.195275* nonnull %7) #69 Function:nfs4_inode_make_writeable %2 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %3 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.220272*)*)(%struct.inode.220272* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_wb_all 1 nfs4_inode_return_delegation 2 nfs4_proc_unlink_setup ------------- Path:  Function:nfs4_proc_unlink_setup %4 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %0, i64 0, i32 1 %5 = bitcast i8** %4 to %struct.nfs_removeargs.215546** %6 = load %struct.nfs_removeargs.215546*, %struct.nfs_removeargs.215546** %5, align 8 %7 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %0, i64 0, i32 2 %8 = bitcast i8** %7 to %struct.nfs_removeres.215548** %9 = load %struct.nfs_removeres.215548*, %struct.nfs_removeres.215548** %8, align 8 %10 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %1, i64 0, i32 9 %11 = load %struct.super_block.195272*, %struct.super_block.195272** %10, align 8 %12 = getelementptr inbounds %struct.super_block.195272, %struct.super_block.195272* %11, i64 0, i32 28 %13 = bitcast i8** %12 to i64* %14 = load i64, i64* %13, align 32 %15 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %9, i64 0, i32 1 %16 = bitcast %struct.nfs_server.215528** %15 to i64* store i64 %14, i64* %16, align 8 %17 = getelementptr inbounds %struct.rpc_message.196909, %struct.rpc_message.196909* %0, i64 0, i32 0 store %struct.rpc_procinfo.196908* getelementptr inbounds ([0 x %struct.rpc_procinfo.196908], [0 x %struct.rpc_procinfo.196908]* bitcast ([63 x %struct.rpc_procinfo]* @nfs4_procedures to [0 x %struct.rpc_procinfo.196908]*), i64 0, i64 21), %struct.rpc_procinfo.196908** %17, align 8 %18 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %18, align 8 %19 = getelementptr inbounds %struct.nfs_removeargs.215546, %struct.nfs_removeargs.215546* %6, i64 0, i32 0, i32 1 %20 = load i8, i8* %19, align 8 %21 = and i8 %20, -4 %22 = or i8 %21, 1 store i8 %22, i8* %19, align 8 %23 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %9, i64 0, i32 0, i32 0 store %struct.nfs4_slot.215544* null, %struct.nfs4_slot.215544** %23, align 8 %24 = getelementptr inbounds %struct.nfs_removeres.215548, %struct.nfs_removeres.215548* %9, i64 0, i32 2 %25 = load %struct.nfs_fattr*, %struct.nfs_fattr** %24, align 8 tail call void @nfs_fattr_init(%struct.nfs_fattr* %25) #69 %26 = icmp eq %struct.inode.195275* %2, null br i1 %26, label %29, label %27 %28 = tail call i32 bitcast (i32 (%struct.inode.220272*)* @nfs4_inode_return_delegation to i32 (%struct.inode.195275*)*)(%struct.inode.195275* nonnull %2) #69 Function:nfs4_inode_return_delegation %2 = getelementptr %struct.inode.220272, %struct.inode.220272* %0, i64 -1, i32 15, i32 1 %3 = tail call i32 bitcast (i32 (%struct.inode.195275*)* @nfs_wb_all to i32 (%struct.inode.220272*)*)(%struct.inode.220272* %0) #69 Function:nfs_wb_all callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_writeback_inode_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_wb_all, %2)) #6 to label %24 [label %2], !srcloc !4 %25 = getelementptr inbounds %struct.inode.195275, %struct.inode.195275* %0, i64 0, i32 9 %26 = load %struct.address_space.195241*, %struct.address_space.195241** %25, align 8 %27 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.195241*)*)(%struct.address_space.195241* %26) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr ------------- Path:  Function:nfs_getattr %5 = getelementptr inbounds %struct.path.197020, %struct.path.197020* %0, i64 0, i32 1 %6 = load %struct.dentry.197651*, %struct.dentry.197651** %5, align 8 %7 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %6, i64 0, i32 5 %8 = load %struct.inode.197661*, %struct.inode.197661** %7, align 8 %9 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 8 %10 = load %struct.super_block.197647*, %struct.super_block.197647** %9, align 8 %11 = getelementptr inbounds %struct.super_block.197647, %struct.super_block.197647* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.197784** %13 = load %struct.nfs_server.197784*, %struct.nfs_server.197784** %12, align 32 %14 = and i32 %3, 8192 %15 = icmp eq i32 %14, 0 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_getattr, %16)) #6 to label %38 [label %16], !srcloc !4 %39 = and i32 %3, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %15, true %42 = or i1 %40, %41 br i1 %42, label %43, label %191 %44 = and i32 %2, 192 %45 = icmp eq i32 %44, 0 br i1 %45, label %55, label %46 %47 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 0 %48 = load i16, i16* %47, align 8 %49 = and i16 %48, -4096 %50 = icmp eq i16 %49, -32768 br i1 %50, label %51, label %55 %52 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 9 %53 = load %struct.address_space.197662*, %struct.address_space.197662** %52, align 8 %54 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.197662*)*)(%struct.address_space.197662* %53) #69 ------------- Use: =BAD PATH= Call Stack: 0 nfs_getattr 1 nfs_namespace_getattr ------------- Path:  Function:nfs_namespace_getattr %5 = getelementptr inbounds %struct.path.195280, %struct.path.195280* %0, i64 0, i32 1 %6 = load %struct.dentry.195278*, %struct.dentry.195278** %5, align 8 %7 = getelementptr inbounds %struct.dentry.195278, %struct.dentry.195278* %6, i64 0, i32 5 %8 = load %struct.inode.195275*, %struct.inode.195275** %7, align 8 %9 = getelementptr %struct.inode.195275, %struct.inode.195275* %8, i64 -1, i32 15, i32 1 %10 = getelementptr inbounds i64, i64* %9, i64 1 %11 = bitcast i64* %10 to i16* %12 = load i16, i16* %11, align 2 %13 = icmp eq i16 %12, 0 br i1 %13, label %16, label %14 %15 = tail call i32 bitcast (i32 (%struct.path.197020*, %struct.kstat*, i32, i32)* @nfs_getattr to i32 (%struct.path.195280*, %struct.kstat*, i32, i32)*)(%struct.path.195280* %0, %struct.kstat* %1, i32 %2, i32 %3) #69 Function:nfs_getattr %5 = getelementptr inbounds %struct.path.197020, %struct.path.197020* %0, i64 0, i32 1 %6 = load %struct.dentry.197651*, %struct.dentry.197651** %5, align 8 %7 = getelementptr inbounds %struct.dentry.197651, %struct.dentry.197651* %6, i64 0, i32 5 %8 = load %struct.inode.197661*, %struct.inode.197661** %7, align 8 %9 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 8 %10 = load %struct.super_block.197647*, %struct.super_block.197647** %9, align 8 %11 = getelementptr inbounds %struct.super_block.197647, %struct.super_block.197647* %10, i64 0, i32 28 %12 = bitcast i8** %11 to %struct.nfs_server.197784** %13 = load %struct.nfs_server.197784*, %struct.nfs_server.197784** %12, align 32 %14 = and i32 %3, 8192 %15 = icmp eq i32 %14, 0 callbr void asm sideeffect "1:.byte 0x0f,0x1f,0x44,0x00,0\0A\09.pushsection __jump_table, \22aw\22 \0A\09 .balign 8 \0A\09.long 1b - ., ${2:l} - . \0A\09 .quad ${0:c} + ${1:c} - .\0A\09.popsection \0A\09", "i,i,X,~{dirflag},~{fpsr},~{flags}"(%struct.static_key* getelementptr inbounds (%struct.tracepoint, %struct.tracepoint* bitcast ({ i8*, { %struct.kuid_t, { %struct.jump_entry* } }, i32 ()*, void ()*, %struct.tracepoint_func* }* @__tracepoint_nfs_getattr_enter to %struct.tracepoint*), i64 0, i32 1), i1 false, i8* blockaddress(@nfs_getattr, %16)) #6 to label %38 [label %16], !srcloc !4 %39 = and i32 %3, 16384 %40 = icmp eq i32 %39, 0 %41 = xor i1 %15, true %42 = or i1 %40, %41 br i1 %42, label %43, label %191 %44 = and i32 %2, 192 %45 = icmp eq i32 %44, 0 br i1 %45, label %55, label %46 %47 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 0 %48 = load i16, i16* %47, align 8 %49 = and i16 %48, -4096 %50 = icmp eq i16 %49, -32768 br i1 %50, label %51, label %55 %52 = getelementptr inbounds %struct.inode.197661, %struct.inode.197661* %8, i64 0, i32 9 %53 = load %struct.address_space.197662*, %struct.address_space.197662** %52, align 8 %54 = tail call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.197662*)*)(%struct.address_space.197662* %53) #69 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl 1 ext4_compat_ioctl ------------- Path:  Function:ext4_compat_ioctl %4 = alloca %struct.ext4_new_group_data, align 8 switch i32 %1, label %89 [ i32 -2147195391, label %5 i32 1074030082, label %6 i32 -2147195389, label %7 i32 1074030084, label %8 i32 1074030087, label %9 i32 -2147191295, label %10 i32 1074034178, label %11 i32 -2147195387, label %12 i32 1074030086, label %13 i32 1076127240, label %14 i32 -1071094257, label %85 i32 1074292240, label %85 i32 26130, label %85 i32 -2146671085, label %85 i32 1074816532, label %85 i32 1074554389, label %85 i32 -1073125866, label %85 i32 -1068472809, label %85 i32 -1069521384, label %85 i32 -1069521383, label %85 i32 -1065327078, label %85 i32 -2147198851, label %85 i32 -1061136325, label %85 i32 1082156677, label %85 i32 -1073453434, label %85 i32 26152, label %85 i32 1074030121, label %85 i32 -1071618518, label %85 ] %86 = phi i32 [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ %1, %3 ], [ 1074292230, %13 ], [ -2146933243, %12 ], [ 1074296322, %11 ], [ -2146929151, %10 ], [ 1074292231, %9 ], [ 1074292228, %8 ], [ -2146933245, %7 ], [ 1074292226, %6 ], [ -2146933247, %5 ] %87 = and i64 %2, 4294967295 %88 = tail call i64 @ext4_ioctl(%struct.file.179403* %0, i32 %86, i64 %87) #69 Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %803 = bitcast %struct.fiemap* %4 to i8* %804 = inttoptr i64 %2 to %struct.fiemap* %805 = bitcast %struct.fiemap_extent_info* %5 to i8* %806 = inttoptr i64 %2 to i8* %807 = call i64 @_copy_from_user(i8* nonnull %803, i8* %806, i64 32) #70 %808 = icmp eq i64 %807, 0 br i1 %808, label %809, label %867 %810 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 4 %811 = load i32, i32* %810, align 8 %812 = icmp ugt i32 %811, 76695844 br i1 %812, label %867, label %813 %814 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 0 %815 = load i64, i64* %814, align 8 %816 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 1 %817 = load i64, i64* %816, align 8 %818 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 4 %819 = load i64, i64* %818, align 32 %820 = icmp eq i64 %817, 0 br i1 %820, label %867, label %821 %822 = icmp ult i64 %819, %815 br i1 %822, label %867, label %823 %824 = icmp ult i64 %819, %817 %825 = sub i64 %819, %817 %826 = icmp ult i64 %825, %815 %827 = or i1 %824, %826 %828 = sub i64 %819, %815 %829 = select i1 %827, i64 %828, i64 %817 %830 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 2 %831 = load i32, i32* %830, align 8 %832 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 0 store i32 %831, i32* %832, align 8 %833 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 2 store i32 %811, i32* %833, align 8 %834 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %804, i64 0, i32 6, i64 0 %835 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 3 store %struct.fiemap_extent* %834, %struct.fiemap_extent** %835, align 8 %836 = icmp eq i32 %811, 0 br i1 %836, label %848, label %837 %838 = zext i32 %811 to i64 %839 = mul nuw nsw i64 %838, 56 %840 = call %struct.task_struct.179676* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.179676** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.179676**)) #10, !srcloc !20 %841 = getelementptr inbounds %struct.task_struct.179676, %struct.task_struct.179676* %840, i64 0, i32 163, i32 17, i32 0 %842 = load i64, i64* %841, align 8 %843 = ptrtoint %struct.fiemap_extent* %834 to i64 %844 = add i64 %839, %843 %845 = icmp ult i64 %844, %839 %846 = icmp ugt i64 %844, %842 %847 = or i1 %845, %846 br i1 %847, label %867, label %848, !prof !9, !misexpect !21 %849 = and i32 %831, 1 %850 = icmp eq i32 %849, 0 br i1 %850, label %856, label %851 %852 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 9 %853 = load %struct.address_space.179567*, %struct.address_space.179567** %852, align 8 %854 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.179567*)*)(%struct.address_space.179567* %853) #70 ------------- Use: =BAD PATH= Call Stack: 0 ext4_ioctl ------------- Path:  Function:ext4_ioctl %4 = alloca %struct.fiemap, align 8 %5 = alloca %struct.fiemap_extent_info, align 8 %6 = alloca %struct.anon.84.173853, align 8 %7 = alloca %struct.anon.84.173853, align 8 %8 = alloca %struct.anon.84.173853, align 8 %9 = alloca i32, align 4 %10 = alloca i32, align 4 %11 = alloca %struct.anon.84.173853, align 8 %12 = alloca i32, align 4 %13 = alloca i32, align 4 %14 = alloca %struct.ext4_iloc.179702, align 8 %15 = alloca [3 x %struct.dquot.179408*], align 16 %16 = alloca %struct.ext4_iloc.179702, align 8 %17 = alloca %struct.efi_memory_desc_t, align 8 %18 = alloca %struct.ext4_new_group_data, align 8 %19 = alloca i64, align 8 %20 = alloca %struct.perf_branch_entry, align 8 %21 = alloca %struct.fsxattr, align 4 %22 = alloca %struct.fsxattr, align 4 %23 = alloca %struct.fsxattr, align 4 %24 = getelementptr inbounds %struct.file.179403, %struct.file.179403* %0, i64 0, i32 2 %25 = load %struct.inode.179564*, %struct.inode.179564** %24, align 8 %26 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 8 %27 = load %struct.super_block.179547*, %struct.super_block.179547** %26, align 8 %28 = getelementptr %struct.inode.179564, %struct.inode.179564* %25, i64 -1, i32 37 switch i32 %1, label %1160 [ i32 -1061136325, label %29 i32 -2146933247, label %33 i32 1074292226, label %47 i32 -2146933245, label %96 i32 -2146929151, label %96 i32 1074292228, label %102 i32 1074296322, label %102 i32 1074292231, label %178 i32 -1071094257, label %232 i32 1076389384, label %289 i32 26121, label %298 i32 26124, label %309 i32 26129, label %319 i32 1074292240, label %646 i32 -1072146311, label %727 i32 26130, label %771 i32 -2146671085, label %1161 i32 1074816532, label %1161 i32 1074554389, label %1161 i32 -1073125866, label %1161 i32 -1068472809, label %1161 i32 -1069521384, label %1161 i32 -1069521383, label %1161 i32 -1065327078, label %1161 i32 26152, label %774 i32 1074030121, label %777 i32 -1071618518, label %802 i32 -2145626081, label %869 i32 1075599392, label %914 i32 -2147198851, label %1157 i32 1082156677, label %1161 i32 -1073453434, label %1161 ] %803 = bitcast %struct.fiemap* %4 to i8* %804 = inttoptr i64 %2 to %struct.fiemap* %805 = bitcast %struct.fiemap_extent_info* %5 to i8* %806 = inttoptr i64 %2 to i8* %807 = call i64 @_copy_from_user(i8* nonnull %803, i8* %806, i64 32) #70 %808 = icmp eq i64 %807, 0 br i1 %808, label %809, label %867 %810 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 4 %811 = load i32, i32* %810, align 8 %812 = icmp ugt i32 %811, 76695844 br i1 %812, label %867, label %813 %814 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 0 %815 = load i64, i64* %814, align 8 %816 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 1 %817 = load i64, i64* %816, align 8 %818 = getelementptr inbounds %struct.super_block.179547, %struct.super_block.179547* %27, i64 0, i32 4 %819 = load i64, i64* %818, align 32 %820 = icmp eq i64 %817, 0 br i1 %820, label %867, label %821 %822 = icmp ult i64 %819, %815 br i1 %822, label %867, label %823 %824 = icmp ult i64 %819, %817 %825 = sub i64 %819, %817 %826 = icmp ult i64 %825, %815 %827 = or i1 %824, %826 %828 = sub i64 %819, %815 %829 = select i1 %827, i64 %828, i64 %817 %830 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %4, i64 0, i32 2 %831 = load i32, i32* %830, align 8 %832 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 0 store i32 %831, i32* %832, align 8 %833 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 2 store i32 %811, i32* %833, align 8 %834 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %804, i64 0, i32 6, i64 0 %835 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %5, i64 0, i32 3 store %struct.fiemap_extent* %834, %struct.fiemap_extent** %835, align 8 %836 = icmp eq i32 %811, 0 br i1 %836, label %848, label %837 %838 = zext i32 %811 to i64 %839 = mul nuw nsw i64 %838, 56 %840 = call %struct.task_struct.179676* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.179676** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.179676**)) #10, !srcloc !20 %841 = getelementptr inbounds %struct.task_struct.179676, %struct.task_struct.179676* %840, i64 0, i32 163, i32 17, i32 0 %842 = load i64, i64* %841, align 8 %843 = ptrtoint %struct.fiemap_extent* %834 to i64 %844 = add i64 %839, %843 %845 = icmp ult i64 %844, %839 %846 = icmp ugt i64 %844, %842 %847 = or i1 %845, %846 br i1 %847, label %867, label %848, !prof !9, !misexpect !21 %849 = and i32 %831, 1 %850 = icmp eq i32 %849, 0 br i1 %850, label %856, label %851 %852 = getelementptr inbounds %struct.inode.179564, %struct.inode.179564* %25, i64 0, i32 9 %853 = load %struct.address_space.179567*, %struct.address_space.179567** %852, align 8 %854 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.179567*)*)(%struct.address_space.179567* %853) #70 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __ia32_sys_ioctl ------------- Path:  Function:__ia32_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.134820* %14 = icmp eq i64 %12, 0 br i1 %14, label %25, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.134820*, i32, i64)*)(%struct.file.134820* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %20 %19 = tail call i32 @do_vfs_ioctl(%struct.file.134820* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 8 %116 = load %struct.super_block.135029*, %struct.super_block.135029** %115, align 8 %117 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 7 %118 = load %struct.inode_operations.135038*, %struct.inode_operations.135038** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.135038, %struct.inode_operations.135038* %118, i64 0, i32 16 %120 = load i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 %128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.135029, %struct.super_block.135029* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 br i1 %153, label %165, label %154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.135152* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135152** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135152**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.135152, %struct.task_struct.135152* %157, i64 0, i32 163, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* %151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 9 %170 = load %struct.address_space.135047*, %struct.address_space.135047** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.135047*)*)(%struct.address_space.135047* %170) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __x64_sys_ioctl ------------- Path:  Function:__x64_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 14 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 13 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = trunc i64 %3 to i32 %9 = trunc i64 %5 to i32 %10 = tail call i64 @__fdget(i32 %8) #69 %11 = and i64 %10, -4 %12 = inttoptr i64 %11 to %struct.file.134820* %13 = icmp eq i64 %11, 0 br i1 %13, label %24, label %14 %15 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.134820*, i32, i64)*)(%struct.file.134820* nonnull %12, i32 %9, i64 %7) #69 %16 = icmp eq i32 %15, 0 br i1 %16, label %17, label %19 %18 = tail call i32 @do_vfs_ioctl(%struct.file.134820* nonnull %12, i32 %8, i32 %9, i64 %7) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 8 %116 = load %struct.super_block.135029*, %struct.super_block.135029** %115, align 8 %117 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 7 %118 = load %struct.inode_operations.135038*, %struct.inode_operations.135038** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.135038, %struct.inode_operations.135038* %118, i64 0, i32 16 %120 = load i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 %128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.135029, %struct.super_block.135029* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 br i1 %153, label %165, label %154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.135152* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135152** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135152**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.135152, %struct.task_struct.135152* %157, i64 0, i32 163, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* %151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 9 %170 = load %struct.address_space.135047*, %struct.address_space.135047** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.135047*)*)(%struct.address_space.135047* %170) #69 ------------- Use: =BAD PATH= Call Stack: 0 do_vfs_ioctl 1 __ia32_compat_sys_ioctl ------------- Path:  Function:__ia32_compat_sys_ioctl %2 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 5 %3 = load i64, i64* %2, align 8 %4 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 11 %5 = load i64, i64* %4, align 8 %6 = getelementptr inbounds %struct.pt_regs, %struct.pt_regs* %0, i64 0, i32 12 %7 = load i64, i64* %6, align 8 %8 = and i64 %7, 4294967295 %9 = trunc i64 %3 to i32 %10 = trunc i64 %5 to i32 %11 = tail call i64 @__fdget(i32 %9) #69 %12 = and i64 %11, -4 %13 = inttoptr i64 %12 to %struct.file.723* %14 = icmp eq i64 %12, 0 br i1 %14, label %900, label %15 %16 = tail call i32 bitcast (i32 (%struct.file.112786*, i32, i64)* @security_file_ioctl to i32 (%struct.file.723*, i32, i64)*)(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %17 = icmp eq i32 %16, 0 br i1 %17, label %18, label %895 switch i32 %10, label %148 [ i32 21585, label %165 i32 21584, label %165 i32 21537, label %165 i32 21586, label %165 i32 21600, label %165 i32 1076647976, label %19 i32 1076647978, label %19 i32 1074041865, label %893 i32 1075876877, label %893 i32 -1072131018, label %893 i32 -1071618549, label %893 i32 1, label %141 i32 2, label %141 i32 21531, label %141 ] %142 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 2 %143 = load %struct.inode.717*, %struct.inode.717** %142, align 8 %144 = getelementptr inbounds %struct.inode.717, %struct.inode.717* %143, i64 0, i32 0 %145 = load i16, i16* %144, align 8 %146 = and i16 %145, -4096 %147 = icmp eq i16 %146, -32768 br i1 %147, label %165, label %148 %149 = getelementptr inbounds %struct.file.723, %struct.file.723* %13, i64 0, i32 3 %150 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 %151 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %150, i64 0, i32 11 %152 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %151, align 8 %153 = icmp eq i64 (%struct.file.723*, i32, i64)* %152, null br i1 %153, label %160, label %154 %155 = tail call i64 %152(%struct.file.723* nonnull %13, i32 %10, i64 %8) #69 %156 = trunc i64 %155 to i32 %157 = icmp eq i32 %156, -515 br i1 %157, label %158, label %895 %159 = load %struct.file_operations.541*, %struct.file_operations.541** %149, align 8 br label %160 %161 = phi %struct.file_operations.541* [ %159, %158 ], [ %150, %148 ] %162 = getelementptr inbounds %struct.file_operations.541, %struct.file_operations.541* %161, i64 0, i32 10 %163 = load i64 (%struct.file.723*, i32, i64)*, i64 (%struct.file.723*, i32, i64)** %162, align 8 %164 = icmp eq i64 (%struct.file.723*, i32, i64)* %163, null br i1 %164, label %893, label %165 %166 = shl i32 %10, 27 %167 = xor i32 %166, %10 %168 = shl i32 %10, 17 %169 = xor i32 %167, %168 %170 = lshr i32 %169, 16 %171 = mul nuw nsw i32 %170, 316 %172 = lshr i32 %171, 16 %173 = zext i32 %172 to i64 br label %174 %175 = phi i64 [ %181, %174 ], [ %173, %165 ] %176 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %175 %177 = load i32, i32* %176, align 4 %178 = icmp ult i32 %177, %169 %179 = icmp ult i64 %175, 316 %180 = and i1 %179, %178 %181 = add nuw nsw i64 %175, 1 br i1 %180, label %174, label %182 %183 = and i64 %175, 4294967295 br label %184 %185 = phi i64 [ %183, %182 ], [ %191, %184 ] %186 = getelementptr [317 x i32], [317 x i32]* @ioctl_pointer, i64 0, i64 %185 %187 = load i32, i32* %186, align 4 %188 = icmp ugt i32 %187, %169 %189 = icmp sgt i64 %185, 0 %190 = and i1 %189, %188 %191 = add nsw i64 %185, -1 br i1 %190, label %184, label %192 %193 = icmp eq i32 %187, %169 br i1 %193, label %893, label %194 %894 = tail call i32 bitcast (i32 (%struct.file.134820*, i32, i32, i64)* @do_vfs_ioctl to i32 (%struct.file.723*, i32, i32, i64)*)(%struct.file.723* nonnull %13, i32 %9, i32 %10, i64 %8) #69 Function:do_vfs_ioctl %5 = alloca %struct.space_resv, align 8 %6 = alloca %struct.sched_info, align 8 %7 = alloca %struct.fiemap, align 8 %8 = alloca %struct.fiemap_extent_info, align 8 %9 = alloca i64, align 8 %10 = inttoptr i64 %3 to i32* %11 = getelementptr inbounds %struct.file.134820, %struct.file.134820* %0, i64 0, i32 2 %12 = load %struct.inode.135044*, %struct.inode.135044** %11, align 8 switch i32 %2, label %305 [ i32 21585, label %13 i32 21584, label %14 i32 21537, label %15 i32 21586, label %35 i32 21600, label %63 i32 -1073457033, label %74 i32 -1073457032, label %95 i32 -1071618549, label %111 i32 2, label %188 i32 1074041865, label %197 i32 1075876877, label %223 i32 -1072131018, label %267 ] %112 = bitcast %struct.fiemap* %7 to i8* %113 = inttoptr i64 %3 to %struct.fiemap* %114 = bitcast %struct.fiemap_extent_info* %8 to i8* %115 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 8 %116 = load %struct.super_block.135029*, %struct.super_block.135029** %115, align 8 %117 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 7 %118 = load %struct.inode_operations.135038*, %struct.inode_operations.135038** %117, align 8 %119 = getelementptr inbounds %struct.inode_operations.135038, %struct.inode_operations.135038* %118, i64 0, i32 16 %120 = load i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)*, i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)** %119, align 64 %121 = icmp eq i32 (%struct.inode.135044*, %struct.fiemap_extent_info*, i64, i64)* %120, null br i1 %121, label %186, label %122 %123 = inttoptr i64 %3 to i8* %124 = call i64 @_copy_from_user(i8* nonnull %112, i8* %123, i64 32) #69 %125 = icmp eq i64 %124, 0 br i1 %125, label %126, label %186 %127 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 4 %128 = load i32, i32* %127, align 8 %129 = icmp ugt i32 %128, 76695844 br i1 %129, label %186, label %130 %131 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 0 %132 = load i64, i64* %131, align 8 %133 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 1 %134 = load i64, i64* %133, align 8 %135 = getelementptr inbounds %struct.super_block.135029, %struct.super_block.135029* %116, i64 0, i32 4 %136 = load i64, i64* %135, align 32 %137 = icmp eq i64 %134, 0 br i1 %137, label %186, label %138 %139 = icmp ult i64 %136, %132 br i1 %139, label %186, label %140 %141 = icmp ult i64 %136, %134 %142 = sub i64 %136, %134 %143 = icmp ult i64 %142, %132 %144 = or i1 %141, %143 %145 = sub i64 %136, %132 %146 = select i1 %144, i64 %145, i64 %134 %147 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %7, i64 0, i32 2 %148 = load i32, i32* %147, align 8 %149 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 0 store i32 %148, i32* %149, align 8 %150 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 2 store i32 %128, i32* %150, align 8 %151 = getelementptr inbounds %struct.fiemap, %struct.fiemap* %113, i64 0, i32 6, i64 0 %152 = getelementptr inbounds %struct.fiemap_extent_info, %struct.fiemap_extent_info* %8, i64 0, i32 3 store %struct.fiemap_extent* %151, %struct.fiemap_extent** %152, align 8 %153 = icmp eq i32 %128, 0 br i1 %153, label %165, label %154 %155 = zext i32 %128 to i64 %156 = mul nuw nsw i64 %155, 56 %157 = call %struct.task_struct.135152* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.135152** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.135152**)) #10, !srcloc !8 %158 = getelementptr inbounds %struct.task_struct.135152, %struct.task_struct.135152* %157, i64 0, i32 163, i32 17, i32 0 %159 = load i64, i64* %158, align 8 %160 = ptrtoint %struct.fiemap_extent* %151 to i64 %161 = add i64 %156, %160 %162 = icmp ult i64 %161, %156 %163 = icmp ugt i64 %161, %159 %164 = or i1 %162, %163 br i1 %164, label %186, label %165, !prof !9, !misexpect !10 %166 = and i32 %148, 1 %167 = icmp eq i32 %166, 0 br i1 %167, label %173, label %168 %169 = getelementptr inbounds %struct.inode.135044, %struct.inode.135044* %12, i64 0, i32 9 %170 = load %struct.address_space.135047*, %struct.address_space.135047** %169, align 8 %171 = call i32 bitcast (i32 (%struct.address_space.108233*)* @filemap_write_and_wait to i32 (%struct.address_space.135047*)*)(%struct.address_space.135047* %170) #69 ------------- Good: 70 Bad: 14 Ignored: 112 Check Use of Function:security_inode_getxattr Check Use of Function:hibernation_snapshot Check Use of Function:__vfs_removexattr Check Use of Function:security_inode_removexattr Check Use of Function:proc_alloc_inum Check Use of Function:match_string Check Use of Function:bitmap_zalloc Use: =BAD PATH= Call Stack: 0 xps_rxqs_show ------------- Path:  Function:xps_rxqs_show %3 = getelementptr inbounds %struct.netdev_queue.664108, %struct.netdev_queue.664108* %0, i64 0, i32 0 %4 = load %struct.net_device.664139*, %struct.net_device.664139** %3, align 64 %5 = getelementptr inbounds %struct.net_device.664139, %struct.net_device.664139* %4, i64 0, i32 86 %6 = bitcast %struct.netdev_queue.664108** %5 to i64* %7 = load i64, i64* %6, align 64 %8 = ptrtoint %struct.netdev_queue.664108* %0 to i64 %9 = sub i64 %8, %7 %10 = sdiv exact i64 %9, 320 %11 = trunc i64 %10 to i32 %12 = getelementptr inbounds %struct.net_device.664139, %struct.net_device.664139* %4, i64 0, i32 87 %13 = load i32, i32* %12, align 8 %14 = icmp ugt i32 %13, %11 br i1 %14, label %16, label %15, !prof !4, !misexpect !5 %17 = tail call i32 @rtnl_trylock() #69 %18 = icmp eq i32 %17, 0 br i1 %18, label %19, label %22 %23 = getelementptr inbounds %struct.net_device.664139, %struct.net_device.664139* %4, i64 0, i32 117 %24 = load i16, i16* %23, align 2 %25 = icmp eq i16 %24, 0 br i1 %25, label %30, label %26 %31 = phi i32 [ %28, %26 ], [ 0, %22 ] %32 = phi i32 [ %27, %26 ], [ 1, %22 ] %33 = getelementptr inbounds %struct.net_device.664139, %struct.net_device.664139* %4, i64 0, i32 73 %34 = load i32, i32* %33, align 8 %35 = tail call i64* @bitmap_zalloc(i32 %34, i32 3264) #69 ------------- Good: 15 Bad: 1 Ignored: 18 Check Use of Function:mtrr_del_page Use: =BAD PATH= Call Stack: 0 mtrr_del 1 mtrr_close ------------- Path:  Function:mtrr_close %3 = getelementptr inbounds %struct.file, %struct.file* %1, i64 0, i32 16 %4 = bitcast i8** %3 to %struct.seq_file** %5 = load %struct.seq_file*, %struct.seq_file** %4, align 8 %6 = getelementptr inbounds %struct.seq_file, %struct.seq_file* %5, i64 0, i32 12 %7 = load i8*, i8** %6, align 8 %8 = bitcast i8* %7 to i32* %9 = icmp eq i8* %7, null br i1 %9, label %33, label %10 %11 = load i32, i32* @num_var_ranges, align 4 %12 = icmp sgt i32 %11, 0 br i1 %12, label %13, label %30 %14 = zext i32 %11 to i64 br label %15 %16 = phi i64 [ 0, %13 ], [ %28, %27 ] %17 = getelementptr i32, i32* %8, i64 %16 %18 = load i32, i32* %17, align 4 %19 = icmp eq i32 %18, 0 br i1 %19, label %27, label %20 %21 = trunc i64 %16 to i32 br label %22 %23 = tail call i32 @mtrr_del(i32 %21, i64 0, i64 0) #69 Function:mtrr_del %4 = load i8, i8* @__mtrr_enabled, align 1, !range !4 %5 = icmp eq i8 %4, 0 br i1 %5, label %17, label %6 %7 = or i64 %2, %1 %8 = and i64 %7, 4095 %9 = icmp eq i64 %8, 0 br i1 %9, label %13, label %10 %14 = lshr i64 %1, 12 %15 = lshr i64 %2, 12 %16 = tail call i32 @mtrr_del_page(i32 %0, i64 %14, i64 %15) #70 ------------- Good: 8 Bad: 1 Ignored: 4 Check Use of Function:namespace_unlock Check Use of Function:mnt_warn_timestamp_expiry Check Use of Function:kern_path Check Use of Function:serport_ldisc_close Check Use of Function:__tcf_block_put Check Use of Function:__tcf_chain_put Check Use of Function:scsi_put_command Check Use of Function:tcf_proto_lookup_ops Check Use of Function:tcf_proto_destroy Check all other indirect call sites Check callee group: sr_tray_move Check callee group: sr_tray_move Check callee group: mq_walk Check callee group: mq_walk Check callee group: mq_walk Check callee group: mq_walk Check callee group: mq_walk Check callee group: io_complete_rw io_complete_rw_iopoll Check callee group: io_complete_rw io_complete_rw_iopoll Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: aio_complete_rw Check callee group: x86_pmu_aux_output_match Check callee group: sr_tray_move Check callee group: sd_pr_release dm_pr_release Check callee group: nfs_swap_deactivate Check callee group: sd_pr_reserve dm_pr_reserve Check callee group: sr_tray_move Check callee group: ipip6_dellink Check callee group: ipip6_dellink Check callee group: ipip6_dellink Check callee group: mq_find Check callee group: sk_stream_write_space Check callee group: mq_find Check callee group: mq_find Check callee group: sr_packet Check callee group: sd_pr_reserve dm_pr_reserve Check callee group: sr_packet Check callee group: sr_audio_ioctl Check callee group: sr_drive_status Check callee group: sr_audio_ioctl Check callee group: sr_audio_ioctl Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: nfs_weak_revalidate Check callee group: sr_audio_ioctl Check callee group: sr_audio_ioctl Check callee group: fifo_init Check callee group: sr_audio_ioctl Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Check callee group: fifo_init Check callee group: proc_tgid_net_lookup msdos_lookup proc_root_lookup proc_tid_base_lookup proc_lookupfd isofs_lookup proc_map_files_lookup proc_ns_dir_lookup nfs_lookup proc_tgid_base_lookup empty_dir_lookup autofs_lookup proc_lookup kernfs_iop_lookup proc_lookupfdinfo proc_sys_lookup simple_lookup proc_attr_dir_lookup bad_inode_lookup proc_task_lookup ext4_lookup vfat_lookup Check callee group: shmem_xattr_handler_get posix_acl_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get nfs4_xattr_get_nfs4_acl sockfs_xattr_get ext4_xattr_security_get ext4_xattr_trusted_get Check callee group: sr_packet Check callee group: nfs_weak_revalidate Check callee group: nfs_atomic_open bad_inode_atomic_open Check callee group: sr_packet Check callee group: mq_find Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: nfs_weak_revalidate Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: sr_audio_ioctl Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: serial8250_config_port Check callee group: sr_packet Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: ext4_rmdir nfs_rmdir vfat_rmdir simple_rmdir msdos_rmdir tracefs_syscall_rmdir bad_inode_rmdir kernfs_iop_rmdir shmem_rmdir autofs_dir_rmdir Check callee group: aio_complete_rw Check callee group: sd_pr_preempt dm_pr_preempt Check callee group: serial8250_release_port Check callee group: mq_find Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: sd_pr_preempt dm_pr_preempt Check callee group: sd_ioctl lo_ioctl sr_block_ioctl dm_blk_ioctl md_ioctl Use: =BAD PATH= Call Stack: 0 blkdev_ioctl 1 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %292 = and i64 %2, 4294967295 %293 = tail call i32 bitcast (i32 (%struct.block_device.279324*, i32, i32, i64)* @blkdev_ioctl to i32 (%struct.block_device.284446*, i32, i32, i64)*)(%struct.block_device.284446* %11, i32 %21, i32 %1, i64 %292) #69 Function:blkdev_ioctl %5 = alloca %struct.trampoline_header, align 8 %6 = alloca %struct.arch_uprobe_task, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.trampoline_header, align 8 %9 = alloca %struct.nfs4_label, align 8 %10 = alloca %struct.blkpg_partition, align 8 %11 = alloca %struct.disk_part_iter, align 8 %12 = alloca %struct.block_device.279324*, align 8 %13 = alloca %struct.trampoline_header, align 8 %14 = alloca %struct.arch_uprobe_task, align 8 %15 = alloca %struct.hd_geometry, align 8 %16 = alloca [2 x i64], align 16 switch i32 %2, label %686 [ i32 4705, label %17 i32 4701, label %31 i32 4727, label %55 i32 4733, label %57 i32 4735, label %59 i32 -1072688510, label %696 i32 1074795139, label %696 i32 -2147216764, label %93 i32 -2147216763, label %111 i32 769, label %114 i32 4707, label %141 i32 4709, label %141 i32 4702, label %153 i32 -2146954640, label %159 i32 4712, label %164 i32 4731, label %179 i32 4728, label %188 i32 4729, label %197 i32 4730, label %206 i32 4732, label %231 i32 4711, label %234 i32 4734, label %245 i32 4706, label %258 i32 4708, label %258 i32 1074270833, label %266 i32 4713, label %298 i32 4703, label %447 i32 4704, label %472 i32 -2146954638, label %481 i32 4724, label %489 i32 4725, label %489 i32 -1069018509, label %489 i32 4726, label %489 i32 1075343560, label %492 i32 1074819273, label %524 i32 1074819274, label %556 i32 1075343563, label %588 i32 1075343564, label %622 i32 1074819277, label %656 ] %687 = getelementptr inbounds %struct.block_device.279324, %struct.block_device.279324* %0, i64 0, i32 16 %688 = load %struct.gendisk.279209*, %struct.gendisk.279209** %687, align 8 %689 = getelementptr inbounds %struct.gendisk.279209, %struct.gendisk.279209* %688, i64 0, i32 9 %690 = load %struct.block_device_operations.279160*, %struct.block_device_operations.279160** %689, align 8 %691 = getelementptr inbounds %struct.block_device_operations.279160, %struct.block_device_operations.279160* %690, i64 0, i32 3 %692 = load i32 (%struct.block_device.279324*, i32, i32, i64)*, i32 (%struct.block_device.279324*, i32, i32, i64)** %691, align 8 %693 = icmp eq i32 (%struct.block_device.279324*, i32, i32, i64)* %692, null br i1 %693, label %696, label %694 %695 = tail call i32 %692(%struct.block_device.279324* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Use: =BAD PATH= Call Stack: 0 blkdev_ioctl 1 block_ioctl ------------- Path:  Function:block_ioctl %4 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 19 %5 = load %struct.address_space.112620*, %struct.address_space.112620** %4, align 8 %6 = getelementptr inbounds %struct.address_space.112620, %struct.address_space.112620* %5, i64 0, i32 0 %7 = load %struct.inode.112777*, %struct.inode.112777** %6, align 8 %8 = getelementptr %struct.inode.112777, %struct.inode.112777* %7, i64 -1, i32 40 %9 = bitcast %struct.file_lock_context** %8 to %struct.block_device.112609* %10 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 8 %11 = load i32, i32* %10, align 4 %12 = getelementptr inbounds %struct.file.112786, %struct.file.112786* %0, i64 0, i32 7 %13 = load i32, i32* %12, align 8 %14 = and i32 %11, -65 %15 = lshr i32 %13, 5 %16 = and i32 %15, 64 %17 = or i32 %16, %14 %18 = tail call i32 bitcast (i32 (%struct.block_device.279324*, i32, i32, i64)* @blkdev_ioctl to i32 (%struct.block_device.112609*, i32, i32, i64)*)(%struct.block_device.112609* %9, i32 %17, i32 %1, i64 %2) #69 Function:blkdev_ioctl %5 = alloca %struct.trampoline_header, align 8 %6 = alloca %struct.arch_uprobe_task, align 8 %7 = alloca %struct.arch_uprobe_task, align 8 %8 = alloca %struct.trampoline_header, align 8 %9 = alloca %struct.nfs4_label, align 8 %10 = alloca %struct.blkpg_partition, align 8 %11 = alloca %struct.disk_part_iter, align 8 %12 = alloca %struct.block_device.279324*, align 8 %13 = alloca %struct.trampoline_header, align 8 %14 = alloca %struct.arch_uprobe_task, align 8 %15 = alloca %struct.hd_geometry, align 8 %16 = alloca [2 x i64], align 16 switch i32 %2, label %686 [ i32 4705, label %17 i32 4701, label %31 i32 4727, label %55 i32 4733, label %57 i32 4735, label %59 i32 -1072688510, label %696 i32 1074795139, label %696 i32 -2147216764, label %93 i32 -2147216763, label %111 i32 769, label %114 i32 4707, label %141 i32 4709, label %141 i32 4702, label %153 i32 -2146954640, label %159 i32 4712, label %164 i32 4731, label %179 i32 4728, label %188 i32 4729, label %197 i32 4730, label %206 i32 4732, label %231 i32 4711, label %234 i32 4734, label %245 i32 4706, label %258 i32 4708, label %258 i32 1074270833, label %266 i32 4713, label %298 i32 4703, label %447 i32 4704, label %472 i32 -2146954638, label %481 i32 4724, label %489 i32 4725, label %489 i32 -1069018509, label %489 i32 4726, label %489 i32 1075343560, label %492 i32 1074819273, label %524 i32 1074819274, label %556 i32 1075343563, label %588 i32 1075343564, label %622 i32 1074819277, label %656 ] %687 = getelementptr inbounds %struct.block_device.279324, %struct.block_device.279324* %0, i64 0, i32 16 %688 = load %struct.gendisk.279209*, %struct.gendisk.279209** %687, align 8 %689 = getelementptr inbounds %struct.gendisk.279209, %struct.gendisk.279209* %688, i64 0, i32 9 %690 = load %struct.block_device_operations.279160*, %struct.block_device_operations.279160** %689, align 8 %691 = getelementptr inbounds %struct.block_device_operations.279160, %struct.block_device_operations.279160* %690, i64 0, i32 3 %692 = load i32 (%struct.block_device.279324*, i32, i32, i64)*, i32 (%struct.block_device.279324*, i32, i32, i64)** %691, align 8 %693 = icmp eq i32 (%struct.block_device.279324*, i32, i32, i64)* %692, null br i1 %693, label %696, label %694 %695 = tail call i32 %692(%struct.block_device.279324* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Check callee group: sr_packet Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: proc_tgid_net_lookup msdos_lookup proc_root_lookup proc_tid_base_lookup proc_lookupfd isofs_lookup proc_map_files_lookup proc_ns_dir_lookup nfs_lookup proc_tgid_base_lookup empty_dir_lookup autofs_lookup proc_lookup kernfs_iop_lookup proc_lookupfdinfo proc_sys_lookup simple_lookup proc_attr_dir_lookup bad_inode_lookup proc_task_lookup ext4_lookup vfat_lookup Check callee group: do_ipt_get_ctl do_ip6t_get_ctl Check callee group: sr_packet Check callee group: ip4_datagram_release_cb tcp_release_cb ip6_datagram_release_cb Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sr_audio_ioctl Check callee group: sr_lock_door Check callee group: sd_ioctl lo_ioctl sr_block_ioctl dm_blk_ioctl md_ioctl Use: =BAD PATH= Call Stack: 0 __blkdev_driver_ioctl 1 compat_blkdev_ioctl ------------- Path:  Function:compat_blkdev_ioctl %4 = alloca %struct.hd_geometry, align 8 %5 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 19 %6 = load %struct.address_space.284480*, %struct.address_space.284480** %5, align 8 %7 = getelementptr inbounds %struct.address_space.284480, %struct.address_space.284480* %6, i64 0, i32 0 %8 = load %struct.inode.284477*, %struct.inode.284477** %7, align 8 %9 = getelementptr inbounds %struct.inode.284477, %struct.inode.284477* %8, i64 0, i32 43 %10 = bitcast %union.anon.79* %9 to %struct.block_device.284446** %11 = load %struct.block_device.284446*, %struct.block_device.284446** %10, align 8 %12 = getelementptr inbounds %struct.block_device.284446, %struct.block_device.284446* %11, i64 0, i32 16 %13 = load %struct.gendisk.284445*, %struct.gendisk.284445** %12, align 8 %14 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 8 %15 = load i32, i32* %14, align 4 %16 = getelementptr inbounds %struct.file.284247, %struct.file.284247* %0, i64 0, i32 7 %17 = load i32, i32* %16, align 8 %18 = and i32 %15, -65 %19 = lshr i32 %17, 5 %20 = and i32 %19, 64 %21 = or i32 %20, %18 switch i32 %1, label %295 [ i32 769, label %22 i32 4731, label %55 i32 4728, label %64 i32 4729, label %73 i32 4730, label %82 i32 4732, label %107 i32 4705, label %112 i32 4701, label %112 i32 4727, label %112 i32 4733, label %112 i32 4735, label %112 i32 4703, label %112 i32 -1072688510, label %112 i32 1074795139, label %112 i32 -2147216764, label %112 i32 -2147216763, label %112 i32 1074008689, label %116 i32 4713, label %120 i32 4707, label %188 i32 4709, label %188 i32 4702, label %201 i32 -2147216784, label %209 i32 4712, label %216 i32 4711, label %231 i32 4734, label %242 i32 4706, label %255 i32 4708, label %255 i32 4704, label %263 i32 -2147216782, label %276 i32 -1069542797, label %286 i32 4724, label %286 i32 4725, label %286 i32 4726, label %286 i32 1075343560, label %291 i32 1074819273, label %291 i32 1074819274, label %291 i32 1075343563, label %291 i32 1075343564, label %291 i32 1074819277, label %291 ] %296 = getelementptr inbounds %struct.gendisk.284445, %struct.gendisk.284445* %13, i64 0, i32 9 %297 = load %struct.block_device_operations.284395*, %struct.block_device_operations.284395** %296, align 8 %298 = getelementptr inbounds %struct.block_device_operations.284395, %struct.block_device_operations.284395* %297, i64 0, i32 4 %299 = load i32 (%struct.block_device.284446*, i32, i32, i64)*, i32 (%struct.block_device.284446*, i32, i32, i64)** %298, align 8 %300 = icmp eq i32 (%struct.block_device.284446*, i32, i32, i64)* %299, null br i1 %300, label %304, label %301 switch i32 %1, label %518 [ i32 770, label %305 i32 772, label %305 i32 776, label %305 i32 777, label %305 i32 778, label %305 i32 779, label %305 i32 780, label %305 i32 782, label %305 i32 783, label %305 i32 784, label %305 i32 794, label %305 i32 21262, label %327 i32 21395, label %367 i32 4710, label %513 i32 781, label %513 i32 798, label %513 i32 799, label %513 i32 816, label %513 i32 21249, label %513 i32 21250, label %513 i32 21251, label %513 i32 21252, label %513 i32 21253, label %513 i32 21254, label %513 i32 21255, label %513 i32 21256, label %513 i32 21257, label %513 i32 21258, label %513 i32 21259, label %513 i32 21264, label %513 i32 21265, label %513 i32 21266, label %513 i32 21267, label %513 i32 21270, label %513 i32 21271, label %513 i32 21273, label %513 i32 21287, label %513 i32 21288, label %513 i32 21297, label %513 i32 21260, label %513 i32 21261, label %513 i32 21268, label %513 i32 21269, label %513 i32 21272, label %513 i32 21392, label %513 i32 21393, label %513 i32 21394, label %513 i32 801, label %515 i32 802, label %515 i32 803, label %515 i32 804, label %515 i32 805, label %515 i32 806, label %515 i32 807, label %515 i32 809, label %515 i32 811, label %515 i32 812, label %515 i32 813, label %515 i32 815, label %515 i32 21263, label %515 i32 21280, label %515 i32 21281, label %515 i32 21282, label %515 i32 21283, label %515 i32 21285, label %515 i32 21286, label %515 i32 21289, label %515 i32 21296, label %515 ] %514 = and i64 %2, 4294967295 br label %515 %516 = phi i64 [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %2, %304 ], [ %514, %513 ] %517 = tail call i32 bitcast (i32 (%struct.block_device.279324*, i32, i32, i64)* @__blkdev_driver_ioctl to i32 (%struct.block_device.284446*, i32, i32, i64)*)(%struct.block_device.284446* %11, i32 %21, i32 %1, i64 %516) #69 Function:__blkdev_driver_ioctl %5 = getelementptr inbounds %struct.block_device.279324, %struct.block_device.279324* %0, i64 0, i32 16 %6 = load %struct.gendisk.279209*, %struct.gendisk.279209** %5, align 8 %7 = getelementptr inbounds %struct.gendisk.279209, %struct.gendisk.279209* %6, i64 0, i32 9 %8 = load %struct.block_device_operations.279160*, %struct.block_device_operations.279160** %7, align 8 %9 = getelementptr inbounds %struct.block_device_operations.279160, %struct.block_device_operations.279160* %8, i64 0, i32 3 %10 = load i32 (%struct.block_device.279324*, i32, i32, i64)*, i32 (%struct.block_device.279324*, i32, i32, i64)** %9, align 8 %11 = icmp eq i32 (%struct.block_device.279324*, i32, i32, i64)* %10, null br i1 %11, label %14, label %12 %13 = tail call i32 %10(%struct.block_device.279324* %0, i32 %1, i32 %2, i64 %3) #69 ------------- Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read ------------- Path:  Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 ------------- Use: =BAD PATH= Call Stack: 0 generic_file_splice_read 1 sock_splice_read ------------- Path:  Function:sock_splice_read %6 = getelementptr inbounds %struct.file.250940, %struct.file.250940* %0, i64 0, i32 16 %7 = bitcast i8** %6 to %struct.socket.250973** %8 = load %struct.socket.250973*, %struct.socket.250973** %7, align 8 %9 = getelementptr inbounds %struct.socket.250973, %struct.socket.250973* %8, i64 0, i32 5 %10 = load %struct.proto_ops.250972*, %struct.proto_ops.250972** %9, align 32 %11 = getelementptr inbounds %struct.proto_ops.250972, %struct.proto_ops.250972* %10, i64 0, i32 22 %12 = load i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)*, i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)** %11, align 8 %13 = icmp eq i64 (%struct.socket.250973*, i64*, %struct.pipe_inode_info.250930*, i64, i32)* %12, null br i1 %13, label %14, label %16, !prof !4, !misexpect !5 %15 = tail call i64 bitcast (i64 (%struct.file.140861*, i64*, %struct.pipe_inode_info.140949*, i64, i32)* @generic_file_splice_read to i64 (%struct.file.250940*, i64*, %struct.pipe_inode_info.250930*, i64, i32)*)(%struct.file.250940* %0, i64* %1, %struct.pipe_inode_info.250930* %2, i64 %3, i32 %4) #69 Function:generic_file_splice_read %6 = alloca %struct.iov_iter, align 8 %7 = alloca %struct.kiocb.140520, align 8 %8 = bitcast %struct.iov_iter* %6 to i8* %9 = bitcast %struct.kiocb.140520* %7 to i8* call void bitcast (void (%struct.iov_iter*, i32, %struct.pipe_inode_info.49677*, i64)* @iov_iter_pipe to void (%struct.iov_iter*, i32, %struct.pipe_inode_info.140949*, i64)*)(%struct.iov_iter* nonnull %6, i32 0, %struct.pipe_inode_info.140949* %2, i64 %3) #69 %10 = getelementptr inbounds %struct.iov_iter, %struct.iov_iter* %6, i64 0, i32 4 %11 = bitcast %struct.anon.1* %10 to i32* %12 = load i32, i32* %11, align 8 %13 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 7 %14 = load i32, i32* %13, align 8 %15 = lshr i32 %14, 9 %16 = and i32 %15, 2 %17 = lshr i32 %14, 12 %18 = and i32 %17, 4 %19 = or i32 %18, %16 %20 = and i32 %14, 4096 %21 = icmp eq i32 %20, 0 br i1 %21, label %22, label %38 %23 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 19 %24 = load %struct.address_space.140942*, %struct.address_space.140942** %23, align 8 %25 = getelementptr inbounds %struct.address_space.140942, %struct.address_space.140942* %24, i64 0, i32 0 %26 = load %struct.inode.140936*, %struct.inode.140936** %25, align 8 %27 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 8 %28 = load %struct.super_block.140921*, %struct.super_block.140921** %27, align 8 %29 = getelementptr inbounds %struct.super_block.140921, %struct.super_block.140921* %28, i64 0, i32 10 %30 = load i64, i64* %29, align 16 %31 = and i64 %30, 16 %32 = icmp eq i64 %31, 0 br i1 %32, label %33, label %38 %34 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %26, i64 0, i32 4 %35 = load i32, i32* %34, align 4 %36 = and i32 %35, 1 %37 = icmp eq i32 %36, 0 br i1 %37, label %40, label %38 %39 = or i32 %19, 16 br label %40 %41 = phi i32 [ %39, %38 ], [ %19, %33 ] %42 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 5 %43 = load i32, i32* %42, align 4 %44 = icmp eq i32 %43, 0 br i1 %44, label %45, label %51 %46 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 2 %47 = load %struct.inode.140936*, %struct.inode.140936** %46, align 8 %48 = getelementptr inbounds %struct.inode.140936, %struct.inode.140936* %47, i64 0, i32 21 %49 = load i8, i8* %48, align 1 %50 = zext i8 %49 to i32 br label %51 %52 = phi i32 [ %50, %45 ], [ %43, %40 ] %53 = call %struct.task_struct.140841* asm "movq %gs:${1:P},$0", "=r,im,~{dirflag},~{fpsr},~{flags}"(%struct.task_struct.140841** nonnull bitcast (%struct.task_struct** @current_task to %struct.task_struct.140841**)) #10, !srcloc !4 %54 = getelementptr inbounds %struct.task_struct.140841, %struct.task_struct.140841* %53, i64 0, i32 114 %55 = load %struct.io_context.140715*, %struct.io_context.140715** %54, align 64 %56 = icmp eq %struct.io_context.140715* %55, null br i1 %56, label %60, label %57 %61 = phi i16 [ %59, %57 ], [ 0, %51 ] %62 = icmp ult i32 %52, 65536 %63 = select i1 %62, i32 %52, i32 65536 %64 = trunc i32 %63 to i16 %65 = lshr i32 %14, 15 %66 = and i32 %65, 32 %67 = or i32 %41, %66 %68 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 0 store %struct.file.140861* %0, %struct.file.140861** %68, align 8 %69 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 1 %70 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 4 %71 = getelementptr inbounds i64, i64* %69, i64 1 %72 = bitcast i64* %71 to i8* store i32 %67, i32* %70, align 8 %73 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 5 store i16 %64, i16* %73, align 4 %74 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 6 store i16 %61, i16* %74, align 2 %75 = getelementptr inbounds %struct.kiocb.140520, %struct.kiocb.140520* %7, i64 0, i32 7 store i32 0, i32* %75, align 8 %76 = load i64, i64* %1, align 8 store i64 %76, i64* %69, align 8 %77 = getelementptr inbounds %struct.file.140861, %struct.file.140861* %0, i64 0, i32 3 %78 = load %struct.file_operations.140858*, %struct.file_operations.140858** %77, align 8 %79 = getelementptr inbounds %struct.file_operations.140858, %struct.file_operations.140858* %78, i64 0, i32 4 %80 = load i64 (%struct.kiocb.140520*, %struct.iov_iter*)*, i64 (%struct.kiocb.140520*, %struct.iov_iter*)** %79, align 8 %81 = call i64 %80(%struct.kiocb.140520* nonnull %7, %struct.iov_iter* nonnull %6) #69 ------------- Check callee group: ip4_datagram_release_cb tcp_release_cb ip6_datagram_release_cb Check callee group: mq_leaf Check callee group: serial8250_request_port Check callee group: sd_pr_preempt dm_pr_preempt Check callee group: sr_packet Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sd_pr_clear dm_pr_clear Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: fifo_init Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sr_packet Check callee group: sr_packet Check callee group: ip4_datagram_release_cb tcp_release_cb ip6_datagram_release_cb Check callee group: sr_lock_door Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sr_packet Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: serial8250_get_mctrl Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: serial8250_request_port Check callee group: random_write_iter sock_write_iter devkmsg_write nfs_file_write pipe_write generic_file_write_iter ext4_file_write_iter write_iter_null blkdev_write_iter Check callee group: sr_check_events Check callee group: sk_stream_write_space Check callee group: sr_check_events Check callee group: serial8250_pm Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: sr_packet Check callee group: sr_packet Check callee group: mq_walk Check callee group: aio_complete_rw Check callee group: sr_packet Check callee group: serial8250_pm Check callee group: mq_find Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: sr_packet Check callee group: nfs_weak_revalidate Check callee group: shmem_xattr_handler_get posix_acl_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get nfs4_xattr_get_nfs4_acl sockfs_xattr_get ext4_xattr_security_get ext4_xattr_trusted_get Check callee group: sr_packet Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: sr_packet Check callee group: sd_ioctl lo_ioctl sr_block_ioctl dm_blk_ioctl md_ioctl Check callee group: serial8250_pm Check callee group: device_reset Check callee group: sr_audio_ioctl Check callee group: sr_packet Check callee group: ipip6_dellink Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Check callee group: x86_pmu_aux_output_match Check callee group: ext4_rename2 simple_rename nfs_rename bad_inode_rename2 vfat_rename msdos_rename kernfs_iop_rename shmem_rename2 Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: ip4_datagram_release_cb tcp_release_cb ip6_datagram_release_cb Check callee group: sd_pr_release dm_pr_release Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: tid_fd_revalidate vfat_revalidate pid_revalidate nfs_lookup_revalidate vfat_revalidate_ci proc_misc_d_revalidate map_files_d_revalidate proc_net_d_revalidate nfs4_lookup_revalidate kernfs_dop_revalidate proc_sys_revalidate Check callee group: sd_pr_register dm_pr_register Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: serial8250_get_mctrl Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: serial8250_pm Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: fifo_init Check callee group: serial8250_get_mctrl Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 period_store ------------- Path:  Function:period_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = getelementptr inbounds %struct.device.680, %struct.device.680* %0, i64 0, i32 8 %7 = load i8*, i8** %6, align 8 %8 = getelementptr inbounds i8, i8* %7, i64 960 %9 = bitcast i8* %8 to %struct.ptp_clock_info.590237** %10 = load %struct.ptp_clock_info.590237*, %struct.ptp_clock_info.590237** %9, align 8 %11 = bitcast %struct.ptp_clock_request* %5 to i8* %12 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 0 store i32 1, i32* %12, align 8 %13 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 2 %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 0 %15 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 0, i32 1 %16 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 0 %17 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1, i32 0, i32 1, i32 1 %18 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([19 x i8], [19 x i8]* @.str.6.51983, i64 0, i64 0), i32* %13, i64* %14, i32* %15, i64* %16, i32* %17) #69 %19 = icmp eq i32 %18, 5 br i1 %19, label %20, label %36 %21 = load i32, i32* %13, align 8 %22 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %10, i64 0, i32 5 %23 = load i32, i32* %22, align 4 %24 = icmp ult i32 %21, %23 br i1 %24, label %25, label %36 %26 = load i64, i64* %16, align 8 %27 = icmp ne i64 %26, 0 %28 = load i32, i32* %17, align 8 %29 = icmp ne i32 %28, 0 %30 = or i1 %27, %29 %31 = zext i1 %30 to i32 %32 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %10, i64 0, i32 16 %33 = load i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)** %32, align 8 %34 = call i32 %33(%struct.ptp_clock_info.590237* %10, %struct.ptp_clock_request* nonnull %5, i32 %31) #70 ------------- Check callee group: sr_tray_move Check callee group: serial8250_pm Check callee group: proc_tgid_net_lookup msdos_lookup proc_root_lookup proc_tid_base_lookup proc_lookupfd isofs_lookup proc_map_files_lookup proc_ns_dir_lookup nfs_lookup proc_tgid_base_lookup empty_dir_lookup autofs_lookup proc_lookup kernfs_iop_lookup proc_lookupfdinfo proc_sys_lookup simple_lookup proc_attr_dir_lookup bad_inode_lookup proc_task_lookup ext4_lookup vfat_lookup Check callee group: random_write_iter sock_write_iter devkmsg_write nfs_file_write pipe_write generic_file_write_iter ext4_file_write_iter write_iter_null blkdev_write_iter Check callee group: serial8250_pm Check callee group: serial8250_request_port Check callee group: sr_drive_status Check callee group: sk_stream_write_space Check callee group: mq_leaf Check callee group: sk_stream_write_space Check callee group: mq_find Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 extts_enable_store ------------- Path:  Function:extts_enable_store %5 = alloca %struct.ptp_clock_request, align 8 %6 = alloca i32, align 4 %7 = getelementptr inbounds %struct.device.680, %struct.device.680* %0, i64 0, i32 8 %8 = load i8*, i8** %7, align 8 %9 = getelementptr inbounds i8, i8* %8, i64 960 %10 = bitcast i8* %9 to %struct.ptp_clock_info.590237** %11 = load %struct.ptp_clock_info.590237*, %struct.ptp_clock_info.590237** %10, align 8 %12 = bitcast %struct.ptp_clock_request* %5 to i8* %13 = bitcast i32* %6 to i8* %14 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %5, i64 0, i32 1 %15 = call i32 (i8*, i8*, ...) @sscanf(i8* %2, i8* getelementptr inbounds ([6 x i8], [6 x i8]* @.str.2.51987, i64 0, i64 0), %union.anon.182.541827* %14, i32* nonnull %6) #69 %16 = icmp eq i32 %15, 2 br i1 %16, label %17, label %31 %18 = bitcast %union.anon.182.541827* %14 to i32* %19 = load i32, i32* %18, align 8 %20 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %11, i64 0, i32 4 %21 = load i32, i32* %20, align 8 %22 = icmp ult i32 %19, %21 br i1 %22, label %23, label %31 %24 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %11, i64 0, i32 16 %25 = load i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)** %24, align 8 %26 = load i32, i32* %6, align 4 %27 = icmp ne i32 %26, 0 %28 = zext i1 %27 to i32 %29 = call i32 %25(%struct.ptp_clock_info.590237* %11, %struct.ptp_clock_request* nonnull %5, i32 %28) #70 ------------- Check callee group: sk_stream_write_space Check callee group: mq_leaf Check callee group: sk_stream_write_space Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_audio_ioctl Check callee group: tcp_abort raw_abort udp_abort Check callee group: nfs_weak_revalidate Check callee group: serial8250_pm Check callee group: serial8250_pm Check callee group: sd_ioctl lo_ioctl sr_block_ioctl dm_blk_ioctl md_ioctl Check callee group: mq_find Check callee group: mq_find Check callee group: sr_select_speed Check callee group: nfs_swap_activate Check callee group: nfs_umount_begin Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: mqueue_unlink ext4_unlink nfs_unlink simple_unlink msdos_unlink bad_inode_unlink shmem_unlink autofs_dir_unlink vfat_unlink Check callee group: sd_pr_register dm_pr_register Check callee group: sr_packet Check callee group: sr_packet Check callee group: serial8250_release_port Check callee group: serial8250_release_port Check callee group: sd_pr_clear dm_pr_clear Check callee group: serial8250_release_port Check callee group: serial8250_release_port Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sr_packet Check callee group: do_ipt_get_ctl do_ip6t_get_ctl Check callee group: mq_find Check callee group: sr_lock_door Check callee group: sr_lock_door Check callee group: nfs_swap_deactivate Check callee group: n_tty_close n_null_close serport_ldisc_close Check callee group: sr_lock_door Check callee group: ext4_bmap _isofs_bmap _fat_bmap Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: ipip6_newlink Check callee group: fifo_init Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sk_stream_write_space Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: sr_packet Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: sr_packet Check callee group: sr_reset Check callee group: serial8250_verify_port Check callee group: sr_packet Check callee group: serial8250_pm Check callee group: device_reset Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: aio_complete_rw Check callee group: random_read_iter sock_read_iter urandom_read_iter nfs_file_read pipe_read read_iter_zero generic_file_read_iter ext4_file_read_iter hugetlbfs_read_iter blkdev_read_iter shmem_file_read_iter read_iter_null Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: shmem_xattr_handler_get posix_acl_xattr_get ext4_xattr_user_get kernfs_vfs_xattr_get nfs4_xattr_get_nfs4_acl sockfs_xattr_get ext4_xattr_security_get ext4_xattr_trusted_get Check callee group: sr_packet Check callee group: sr_packet Check callee group: serial8250_config_port Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: sr_packet Check callee group: nfs_weak_revalidate Check callee group: sr_packet Check callee group: sr_get_last_session Check callee group: sk_stream_write_space Check callee group: sr_packet Check callee group: sr_packet Check callee group: random_write_iter sock_write_iter devkmsg_write nfs_file_write pipe_write generic_file_write_iter ext4_file_write_iter write_iter_null blkdev_write_iter Check callee group: sr_packet Check callee group: serial8250_config_port Check callee group: device_reset Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: ipip6_dellink Check callee group: serial8250_pm Check callee group: sr_packet Check callee group: udp_v4_rehash udp_v6_rehash Check callee group: sr_packet Check callee group: mq_walk Check callee group: sk_stream_write_space Check callee group: sr_packet Check callee group: sr_packet Check callee group: serial8250_get_mctrl Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: aio_complete_rw Check callee group: sr_packet Check callee group: sr_packet Check callee group: sr_packet Check callee group: mq_find Check callee group: sr_packet Check callee group: uart_set_ldisc Check callee group: sr_packet Check callee group: n_tty_open n_null_open serport_ldisc_open Check callee group: sr_packet Check callee group: sk_stream_write_space Check callee group: sr_packet Check callee group: i915_driver_open Check callee group: sr_get_mcn Check callee group: sr_drive_status Check callee group: sr_packet Check callee group: sr_drive_status Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.itimerspec64, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4 %15 = bitcast %struct.posix_clock* %14 to %struct.ptp_clock_info.590237** %16 = load %struct.ptp_clock_info.590237*, %struct.ptp_clock_info.590237** %15, align 8 %17 = bitcast %struct.itimerspec64* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.anon.54* %10 to i8* switch i32 %1, label %433 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %52 i32 1074806027, label %52 i32 1077427459, label %96 i32 1077427468, label %96 i32 1074019588, label %148 i32 1074019597, label %148 i32 -1069531896, label %157 i32 -1069531887, label %157 i32 -994034423, label %195 i32 -994034414, label %195 i32 1128283397, label %267 i32 1128283406, label %267 i32 -1067434746, label %325 i32 -1067434737, label %325 i32 1080048903, label %380 i32 1080048912, label %380 ] %53 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1 %54 = bitcast %union.anon.182.541827* %53 to %struct.ptp_extts_request* %55 = bitcast %union.anon.182.541827* %53 to i8* %56 = inttoptr i64 %2 to i8* %57 = call i64 @_copy_from_user(i8* %55, i8* %56, i64 16) #69 %58 = icmp eq i64 %57, 0 br i1 %58, label %59, label %433 switch i32 %1, label %82 [ i32 1074806027, label %60 i32 1074806018, label %76 ] %61 = getelementptr inbounds %struct.ptp_extts_request, %struct.ptp_extts_request* %54, i64 0, i32 1 %62 = load i32, i32* %61, align 4 %63 = or i32 %62, 8 store i32 %63, i32* %61, align 4 %64 = icmp ult i32 %62, 16 br i1 %64, label %65, label %433 %66 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 0, i32 1 %67 = load i32, i32* %66, align 8 %68 = icmp eq i32 %67, 0 br i1 %68, label %69, label %433 %70 = getelementptr inbounds i32, i32* %66, i64 1 %71 = load i32, i32* %70, align 4 %72 = icmp ne i32 %71, 0 %73 = and i32 %62, 7 %74 = icmp eq i32 %73, 1 %75 = or i1 %74, %72 br i1 %75, label %433, label %82 %83 = bitcast %union.anon.182.541827* %53 to i32* %84 = load i32, i32* %83, align 8 %85 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %16, i64 0, i32 4 %86 = load i32, i32* %85, align 8 %87 = icmp ult i32 %84, %86 br i1 %87, label %88, label %433 %89 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 0 store i32 0, i32* %89, align 8 %90 = getelementptr inbounds %struct.ptp_extts_request, %struct.ptp_extts_request* %54, i64 0, i32 1 %91 = load i32, i32* %90, align 4 %92 = and i32 %91, 1 %93 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %16, i64 0, i32 16 %94 = load i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)** %93, align 8 %95 = call i32 %94(%struct.ptp_clock_info.590237* %16, %struct.ptp_clock_request* nonnull %7, i32 %92) #69 ------------- Check callee group: mq_select_queue Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: tg3_ptp_enable e1000e_phc_enable Use: =BAD PATH= Call Stack: 0 ptp_ioctl ------------- Path:  Function:ptp_ioctl %4 = alloca %struct.ptp_sys_offset_precise, align 8 %5 = alloca %struct.perf_branch_entry, align 8 %6 = alloca %struct.itimerspec64, align 8 %7 = alloca %struct.ptp_clock_request, align 8 %8 = alloca %struct.ptp_clock_caps, align 4 %9 = alloca %struct.ptp_pin_desc, align 4 %10 = alloca %struct.anon.54, align 8 %11 = bitcast %struct.posix_clock* %0 to %struct.ptp_clock* %12 = bitcast %struct.ptp_sys_offset_precise* %4 to i8* %13 = bitcast %struct.perf_branch_entry* %5 to i8* %14 = getelementptr inbounds %struct.posix_clock, %struct.posix_clock* %0, i64 4 %15 = bitcast %struct.posix_clock* %14 to %struct.ptp_clock_info.590237** %16 = load %struct.ptp_clock_info.590237*, %struct.ptp_clock_info.590237** %15, align 8 %17 = bitcast %struct.itimerspec64* %6 to i8* %18 = bitcast %struct.ptp_clock_request* %7 to i8* %19 = bitcast %struct.ptp_clock_caps* %8 to i8* %20 = getelementptr inbounds %struct.ptp_pin_desc, %struct.ptp_pin_desc* %9, i64 0, i32 0, i64 0 %21 = bitcast %struct.anon.54* %10 to i8* switch i32 %1, label %433 [ i32 -2142225151, label %22 i32 -2142225142, label %22 i32 1074806018, label %52 i32 1074806027, label %52 i32 1077427459, label %96 i32 1077427468, label %96 i32 1074019588, label %148 i32 1074019597, label %148 i32 -1069531896, label %157 i32 -1069531887, label %157 i32 -994034423, label %195 i32 -994034414, label %195 i32 1128283397, label %267 i32 1128283406, label %267 i32 -1067434746, label %325 i32 -1067434737, label %325 i32 1080048903, label %380 i32 1080048912, label %380 ] %97 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0 %98 = bitcast %struct.ptp_perout_request* %97 to i8* %99 = inttoptr i64 %2 to i8* %100 = call i64 @_copy_from_user(i8* %98, i8* %99, i64 56) #69 %101 = icmp eq i64 %100, 0 br i1 %101, label %102, label %433 %103 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 3 %104 = load i32, i32* %103, align 4 %105 = icmp ult i32 %104, 2 br i1 %105, label %106, label %124 %107 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 4, i64 0 %108 = load i32, i32* %107, align 8 %109 = icmp eq i32 %108, 0 br i1 %109, label %110, label %124 %111 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 4, i64 1 %112 = load i32, i32* %111, align 4 %113 = icmp eq i32 %112, 0 br i1 %113, label %114, label %124 %115 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 4, i64 2 %116 = load i32, i32* %115, align 8 %117 = icmp eq i32 %116, 0 br i1 %117, label %118, label %124 switch i32 %1, label %129 [ i32 1077427468, label %433 i32 1077427459, label %127 ] %130 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 2 %131 = load i32, i32* %130, align 8 %132 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %16, i64 0, i32 5 %133 = load i32, i32* %132, align 4 %134 = icmp ult i32 %131, %133 br i1 %134, label %135, label %433 %136 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 0 store i32 1, i32* %136, align 8 %137 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 1, i32 0 %138 = load i64, i64* %137, align 8 %139 = icmp ne i64 %138, 0 %140 = getelementptr inbounds %struct.ptp_clock_request, %struct.ptp_clock_request* %7, i64 0, i32 1, i32 0, i32 1, i32 1 %141 = load i32, i32* %140, align 8 %142 = icmp ne i32 %141, 0 %143 = or i1 %139, %142 %144 = zext i1 %143 to i32 %145 = getelementptr inbounds %struct.ptp_clock_info.590237, %struct.ptp_clock_info.590237* %16, i64 0, i32 16 %146 = load i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)*, i32 (%struct.ptp_clock_info.590237*, %struct.ptp_clock_request*, i32)** %145, align 8 %147 = call i32 %146(%struct.ptp_clock_info.590237* %16, %struct.ptp_clock_request* nonnull %7, i32 %144) #69 ------------- Check callee group: aio_complete_rw Check callee group: security_shm_associate security_msg_queue_associate security_sem_associate Check callee group: tg3_ptp_enable e1000e_phc_enable Check callee group: sr_audio_ioctl Check callee group: random_write_iter sock_write_iter devkmsg_write nfs_file_write pipe_write generic_file_write_iter ext4_file_write_iter write_iter_null blkdev_write_iter Check callee group: random_write_iter sock_write_iter devkmsg_write nfs_file_write pipe_write generic_file_write_iter ext4_file_write_iter write_iter_null blkdev_write_iter Check callee group: sr_lock_door Check callee group: sr_check_events Check callee group: sr_packet Check callee group: mqueue_create ext4_create nfs_create hugetlbfs_create bad_inode_create ramfs_create msdos_create shmem_create vfat_create Check callee group: sr_packet Check callee group: ext4_bmap _isofs_bmap _fat_bmap Check callee group: mqueue_create ext4_create nfs_create hugetlbfs_create bad_inode_create ramfs_create msdos_create shmem_create vfat_create Check callee group: mq_walk Check callee group: ipip6_dellink Check callee group: ipip6_dellink Good: 386 Bad: 12 Ignored: 289 Thread 0 Done! STOP WATCH[0]: 950108.364000 ms =NON-Kernel Init Functions= __ia32_sys_lookup_dcookie md_compat_ioctl load_elf_binary load_elf_binary.16751 load_elf_library vm_brk __ia32_sys_brk cache_disable_1_store cache_disable_0_store i915_gem_context_setparam_ioctl __x64_sys_socketcall __se_sys_socketcall __ia32_sys_socketcall svc_addsock svc_tcp_accept svc_tcp_kill_temp_xprt kernel_setsockopt svc_create_socket __ia32_compat_sys_setsockopt __compat_sys_setsockopt __ia32_compat_sys_socketcall shmem_lock hugetlb_file_setup hsw_hw_config __x64_sys_mlock __x64_sys_mlock2 pps_cdev_compat_ioctl nfnetlink_send netlink_sendmsg uevent_net_rcv_skb hpet_compat_ioctl do_mmap hpet_ioctl uart_port_activate uart_set_info_user uart_ioctl inet_bind i915_gem_execbuffer2_ioctl __x64_sys_semget ipcget __ia32_sys_semget ksys_msgrcv __ia32_sys_msgrcv compat_ksys_msgrcv do_msgrcv __ia32_compat_sys_msgrcv semctl_setval semctl_main ksys_semtimedop __x64_sys_semtimedop_time32 __ia32_sys_semtimedop_time32 do_semtimedop __ia32_sys_semop __ia32_compat_sys_setrlimit __ia32_sys_setrlimit kill_pid fn_boot_it kill_pgrp disassociate_ctty __kill_pgrp_info kill_pid_info __ia32_sys_kill __x64_sys_pidfd_send_signal __se_sys_pidfd_send_signal __ia32_sys_pidfd_send_signal __x64_sys_rt_sigqueueinfo __x64_sys_semtimedop __ia32_sys_rt_sigqueueinfo group_send_sig_info __ia32_compat_sys_rt_sigqueueinfo __x64_sys_migrate_pages __ia32_sys_migrate_pages __x64_sys_mbind __ia32_sys_mlock __ia32_sys_mbind __x64_sys_mremap __x64_sys_setuid16 __ia32_sys_setuid16 fork_idle tty_ldisc_hangup __x64_sys_clone3 __ia32_sys_clone3 unix_stream_sendmsg unix_seqpacket_sendmsg __x64_sys_open_tree unix_dgram_sendmsg __ia32_sys_open_tree __x64_sys_prlimit64 __ia32_sys_prlimit64 kernfs_iop_listxattr __x64_sys_open_by_handle_at __ia32_sys_open_by_handle_at selinux_inode_getsecctx file_modified __ia32_sys_ioprio_set __x64_sys_mount __se_sys_rt_tgsigqueueinfo ksys_mount __ia32_sys_mount expand_stack __x64_sys_syslog kmsg_release simple_set_acl sched_setscheduler sched_setattr sched_set_stop_task cpu_stop_create sched_setattr_nocheck __x64_sys_sched_setscheduler __ia32_sys_sched_setscheduler do_sched_setscheduler __ia32_sys_sched_setparam __ia32_sys_sched_setattr sysrq_handle_unrt __x64_sys_setxattr __ia32_sys_setxattr __x64_sys_lsetxattr path_setxattr __ia32_sys_lsetxattr __x64_sys_fsetxattr setxattr __se_sys_fsetxattr __x64_sys_removexattr __ia32_sys_removexattr __x64_sys_lremovexattr __ia32_sys_lremovexattr __vfs_removexattr_locked __se_sys_fremovexattr __x64_sys_fgetxattr getxattr __ia32_sys_fgetxattr tcp_congestion_default __x64_sys_fsmount __ia32_sys_sched_setaffinity dquot_transfer sel_write_user __ia32_sys_timerfd_settime __x64_sys_timerfd_settime32 genl_rcv kern_path filename_lookup path_lookupat user_path_create __x64_sys_mknodat __ia32_sys_mknodat do_mknodat __ia32_sys_mknod do_mkdirat __ia32_sys_mkdir __x64_sys_symlinkat __ia32_sys_symlinkat __x64_sys_symlink do_symlinkat __ia32_sys_symlink do_linkat kern_path_locked do_filp_open link_path_walk do_file_open_root __x64_sys_move_pages __ia32_sys_move_pages __ia32_compat_sys_move_pages vfs_setlease __se_sys_fcntl __ia32_sys_fcntl __ia32_compat_sys_fcntl64 fcntl_setlease do_fcntl i915_gem_userptr_ioctl __se_sys_keyctl __ia32_sys_keyctl __x64_sys_move_mount __ia32_sys_move_mount __ia32_sys_remap_file_pages __x64_sys_delete_module tc_cls_act_func_proto xdp_func_proto lwt_in_func_proto lwt_xmit_func_proto lwt_seg6local_func_proto sock_addr_func_proto sk_skb_func_proto sk_msg_func_proto n_tty_ioctl_helper io_submit_sqe __se_sys_io_uring_enter __x64_sys_io_uring_setup io_read __io_submit_sqe io_queue_link_head __ia32_sys_io_uring_setup aio_prep_rw __ia32_sys_shmctl compat_ksys_shmctl vt_compat_ioctl __ia32_sys_timerfd_create scsi_cmd_blk_ioctl bsg_ioctl __x64_sys_reboot __ia32_sys_reboot __x64_sys_ioctl __ia32_sys_ioctl bprintf __x64_sys_unlink __ia32_sys_unlink emulate_vsyscall syscall_return_slowpath do_int80_syscall_32 do_unlinkat do_coredump get_signal do_signal prepare_exit_to_usermode do_fast_syscall_32 __x64_sys_rmdir __ia32_sys_rmdir __x64_sys_unlinkat do_rmdir __ia32_sys_unlinkat vfs_rename do_renameat2 __ia32_sys_setfsuid __ia32_sys_setfsuid16 uevent_net_rcv __x64_sys_setregid16 __ia32_sys_setregid16 __ia32_compat_sys_msgctl compat_ksys_old_msgctl compat_ksys_msgctl __ia32_compat_sys_old_msgctl __x64_sys_semctl dquot_alloc_inode __se_sys_semctl __ia32_sys_semctl __x64_sys_tgkill __ia32_compat_sys_semctl compat_ksys_old_semctl vt_ioctl semctl_down compat_ksys_semctl __ia32_compat_sys_old_semctl __ia32_sys_setresgid __x64_sys_setresgid16 __ia32_sys_setresgid16 perf_kprobe_init perf_event_create_kernel_counter __x64_sys_perf_event_open __se_sys_perf_event_open dm_compat_ctl_ioctl __ia32_sys_prctl __x64_sys_setdomainname __ia32_sys_setdomainname __ia32_sys_setresuid __x64_sys_setresuid16 __ia32_sys_setresuid16 __ia32_sys_setfsgid __x64_sys_setfsgid16 __x64_sys_pivot_root __x64_sys_setpriority __se_sys_setpriority vmf_insert_pfn_prot vmf_insert_pfn vvar_fault vmf_insert_mixed_mkwrite fb_mmap vm_iomap_memory dma_common_mmap pci_mmap_page_range pci_mmap_resource_wc pci_mmap_resource_range pci_mmap_resource_uc snd_pcm_mmap_data snd_pcm_mmap __x64_sys_setreuid16 __ia32_sys_setreuid16 ptrace_may_access mm_access __x64_sys_ptrace __se_sys_ptrace __ia32_sys_ptrace ptrace_attach __ia32_compat_sys_ptrace autofs_dev_ioctl_compat __x64_sys_mlockall __ia32_sys_mlockall __x64_sys_setgroups16 __x64_sys_chroot __ia32_sys_chroot sk_reuseport_func_proto drm_open mqueue_create_attr __x64_sys_acct maybe_link do_name __x64_sys_linkat __ia32_sys_linkat __x64_sys_link __ia32_sys_link vfs_path_lookup ip_rcv ip_rcv_finish ip_rcv_finish_core ip_sublist_rcv ip_list_rcv cipso_v4_error __ia32_sys_perf_event_open __x64_sys_fsopen __x64_sys_renameat2 __ia32_sys_renameat2 __ia32_sys_rename __x64_sys_mq_open __ia32_sys_mq_open do_mq_open __x64_sys_setgroups __x64_sys_setgid16 __ia32_sys_setgid16 compat_ip_setsockopt __x64_sys_umount __ia32_sys_umount __x64_sys_oldumount __ia32_sys_oldumount tc_filter_init __x64_sys_epoll_ctl __x64_sys_swapon __ia32_sys_swapon __x64_sys_sethostname __x64_sys_adjtimex_time32 __ia32_sys_adjtimex_time32 __x64_sys_adjtimex __x64_sys_rt_tgsigqueueinfo packet_sendmsg_spkt __ia32_sys_syslog sock_zerocopy_realloc rtnl_setlink rtnetlink_init netlink_proto_init sock_do_ioctl compat_sock_ioctl set_default_qdisc tc_action_init modify_user_hw_breakpoint compat_do_ipt_get_ctl __x64_sys_quotactl __ia32_compat_sys_quotactl32 cdrom_ioctl bsg_scsi_fill_hdr sg_write ext4_claim_free_clusters ext4_move_extents ext4_tmpfile ext4_rename2 ext4_mkdir ipv6_setsockopt compat_ipv6_setsockopt rmqueue_bulk acpi_install_global_event_handler kcalloc.28206 quiet_vmstat default_idle_call account_idle_ticks copy_user_huge_page phys_pte_init blk_mq_dequeue_from_ctx unmap_pmd_range ldt_dup_context __ia32_compat_sys_fcntl snapshot_compat_ioctl calc_load_nohz_stop acpi_bios_warning uprobe_dup_mmap blk_mq_try_issue_list_directly acpi_tb_create_local_fadt __migration_entry_wait sched_idle_set_state __node_reclaim trace_cpu_idle_rcuidle.54181 date_str reset_vma_resv_huge_pages uprobe_end_dup_mmap compaction_defer_reset populate_pmd printk_percpu_data_ready ip_cmsg_send __next_mem_range_rev __load_ucode_intel time_str move_freepages_block load_elf_library.16752 rmqueue_pcplist __efi_memmap_init copy_page_range uprobe_start_dup_mmap try_to_compact_pages msgctl_down memblock_phys_alloc_range __efi_memmap_alloc_late vfs_dedupe_file_range gen_pool_create pcpu_block_refresh_hint acpi_gsi_to_irq fifo_open acpi_irq_stats_init __absent_pages_in_range acpi_os_physical_table_override acpi_tb_parse_fadt memmap_init_zone lruvec_init adjust_zone_range_for_zone_movable inherit_event bstr_printf ns2usecs local_touch_nmi __do_page_fault validate_xmit_skb_list dev_queue_xmit_nit trace_print_lat_fmt restore_reserve_on_error finish_mkwrite_fault __swap_count __lock_page_or_retry blk_mq_do_dispatch_ctx __ia32_sys_pipe huge_pte_alloc efi_memmap_install ldt_arch_exit_mmap ___pmd_free_tlb ___pud_free_tlb tcp_setsockopt __ia32_sys_semtimedop free_pages_and_swap_cache acpi_tb_validate_temp_table __x64_sys_setregid sbitmap_get_shallow efi_memmap_unmap wb_start_background_writeback blk_mq_dispatch_rq_list aio_write stop_machine_unpark rcu_report_dead pud_free_pmd_page __se_sys_remap_file_pages hrtimer_get_next_event clear_asid_other __mmu_notifier_release do_ip_setsockopt security_kernfs_init_security page_rmapping rtc_str alloc_mnt_ns pud_set_huge ___pte_free_tlb __x64_sys_io_uring_enter node_reclaim tick_unfreeze rcu_sync_func pgdat_init_internals rwsem_spin_on_owner cpuidle_enter_state should_reclaim_retry vprintk_default dump_cpu_task perf_pmu_sched_task wakeup_kswapd compat_ksys_ipc printk_safe_log_store phys_pmd_init trace_cpu_idle_rcuidle.6810 mtrr_type_lookup_variable srcu_funnel_exp_start cyc2ns_read_begin rcu_eqs_enter acpi_ev_gpe_initialize in_entry_stack cyc2ns_read_end find_mergeable_anon_vma rcu_segcblist_first_pend_cb __x64_sys_mkdirat __memblock_find_range_top_down posix_clock_realtime_adj populate_pgd path_removexattr node_dirty_ok fpu__init_cpu_xstate memblock_alloc_range_nid inherit_task_group pcpu_next_fit_region in_task_stack __ia32_sys_tgkill show_swap_cache_info __se_sys_kill log_store __x64_sys_kill cont_add pcpu_block_update hugetlb_show_meminfo sock_ioctl __alloc_pages_direct_compact trace_find_next_entry load_ucode_amd_ap lockref_mark_dead load_ucode_intel_ap sync_global_pgds p4d_free_pud_page tick_freeze pcpu_chunk_refresh_hint nohz_balance_enter_idle prep_new_page rmqueue __ia32_compat_sys_x86_clone try_to_free_pages reuse_swap_page pmd_set_huge put_pwq tick_resume_broadcast x86_read_arch_cap_msr acpi_tb_override_table __ia32_compat_sys_io_submit dl_change_utilization __ia32_sys_pivot_root dump_unreclaimable_slab amd_filter_mce mce_gen_pool_init driver_deferred_probe_add pm_wakeup_source_sysfs_add pcpu_block_update_hint_alloc acpi_os_install_interrupt_handler earlycon_init memblock_search_pfn_nid vfs_getxattr_alloc init_entity_runnable_average acpi_os_get_root_pointer efi_memmap_insert efi_memmap_split_count init_currently_empty_zone zone_absent_pages_in_node __init_cache_modes __ia32_compat_sys_ipc d_prune_aliases ext4_link audit_mark_compare wake_const_ops pid_ns_prepare_proc msg_init_ns sem_init_ns fpu__copy acpi_ut_create_update_state acpi_ns_create_node __crash_kexec follow_huge_pmd_pte tick_get_tick_sched pwq_activate_first_delayed ring_buffer_peek rb_iter_peek seq_buf_bprintf seq_buf_putmem ext4_zero_range ftrace_find_event seq_buf_putmem_hex rb_buffer_peek machine_emergency_restart kernel_map_pages_in_pgd add_to_page_cache_locked __swp_swapcount set_pageblock_migratetype update_ref_ctr hugetlb_cow drain_zone_pages tick_nohz_idle_stop_tick __tick_broadcast_oneshot_control tick_check_broadcast_expired rcu_idle_enter tk_debug_account_sleep_time cpuidle_enter_s2idle ntp_tick_length second_overflow clock_was_set_delayed peernet2id get_xps_queue dequeue_skb trace_print_printk_msg_only __mmu_notifier_change_pte munlock_vma_page do_wp_page __early_pfn_to_nid dev_hard_start_xmit get_nohz_timer_target page_add_new_anon_rmap wb_update_dirty_ratelimit lookup_swap_cache __x64_sys_swapoff printk_nmi_direct_exit __update_ref_ctr rcu_sync_exit inat_get_last_prefix_id dev_vprintk_emit arch_uprobe_analyze_insn fsnotify_compare_groups workingset_refault cgroup_free security_task_free unaccount_page_cache_page visit_groups_merge __perf_event_task_sched_in trace_rpm_idle_rcuidle blk_mq_sched_dispatch_requests rbt_memtype_erase shm_exit_ns exit_aio tick_nohz_get_next_hrtimer show_stack __mutex_lock_killable_slowpath audit_classify_syscall kzalloc.5669 kthread_bind_mask __up_read trace_event_enable_cmd_record clockevents_program_min_delta sch_direct_xmit __munlock_isolate_lru_page uprobe_munmap oom_score_adj_write mod_zone_page_state clear_page_mlock unmap_page_range vma_interval_tree_remove trace_print_lat_context blk_mq_insert_requests xas_create __fsnotify_inode_delete alloc_vfsmnt create_task_io_context acpi_platform_notify scan_swap_map_try_ssd_cluster follow_page_mask pgd_alloc set_swbp pmd_clear_huge acpi_tb_acquire_table acpi_tb_verify_temp_table security_inode_alloc acpi_ut_repair_name __x64_sys_setfsgid PageMovable on_each_cpu_cond_mask __rq_qos_requeue blk_mq_request_bypass_insert blk_stat_add sbitmap_queue_wake_up print_worker_info cgroup_propagate_frozen __kmem_cache_create __early_ioremap inode_wait_for_writeback delete_from_page_cache_batch workingset_activation trace_event_enable_tgid_record xas_find_conflict do_clear_cpu_cap vmalloc_to_pfn get_swap_pages dev_pm_qos_constraints_destroy __purge_vmap_area_lazy dpm_sysfs_remove find_css_set blk_mq_add_to_requeue_list add_to_swap pageout __ia32_sys_tkill __delete_from_swap_cache rtnl_newlink free_swap_slot __blk_mq_insert_request __se_sys_rt_sigqueueinfo delete_from_swap_cache pte_alloc_one cpuhp_online_idle bitmap_ord_to_pos __x64_sys_fremovexattr __cpuset_node_allowed console_sysfs_notify pud_clear_huge walk_mem_res rwsem_down_write_slowpath free_vm_area __acpi_map_table lru_cache_add_active_or_unevictable wake_up_idle_cpu software_node_notify security_task_alloc __up __pte_alloc_kernel memblock_insert_region load_mm_ldt.2023 __x64_sys_keyctl _get_random_bytes in_gate_area dev_pm_disable_wake_irq_check pgd_page_get_mm __rpm_callback memblock_merge_regions dev_pm_enable_wake_irq_check anon_vma_interval_tree_remove memcmp_pages sock_diag_broadcast_destroy put_dec_trunc8 ioremap_wt acpi_ns_install_node __pagevec_lru_add choose_new_asid mnt_pin_kill memblock_double_array printk_nmi_direct_enter arch_jump_label_transform_apply arch_cpu_idle_prepare number init_kernel_text apic_smt_update pcpu_alloc_area xfrm_netlink_rcv link_css_set slab_err __rq_qos_done_bio read_persistent_clock64 cpuidle_select tick_nohz_stop_tick arch_cpu_idle rcu_segcblist_init __ia32_compat_sys_msgsnd __delayacct_thrashing_end memblock_find_in_range_node blk_mq_get_driver_tag get_next_timer_interrupt __mnt_drop_write_file wq_worker_running should_skip_region efi_memmap_alloc fwnode_remove_software_node __sk_destruct blk_account_io_done e820__range_update tracing_start_cmdline_record __sprint_symbol kobj_kset_leave bpf_flow_dissect __kernel_text_address irq_pm_install_action exit_creds __inc_numa_state update_vsyscall __ia32_sys_fsetxattr find_cpio_data clockevents_resume new_slab timer_clear_idle tick_broadcast_oneshot_active ip4_addr_string_sa __rb_allocate_pages kvasprintf_const inat_get_avx_attribute workingset_eviction radix_tree_tag_get pcpu_find_block_fit alloc_uevent_skb __try_to_reclaim_swap clockevents_suspend clocksource_stop_suspend_timing __x64_sys_setrlimit rcu_sync_init evict get_any_partial console_unlock tty_compat_ioctl __swap_duplicate igrab get_vm_area_caller __x64_sys_setuid __free_vmap_area strscpy idr_find sk_filter_trim_cap cpu_init capable rcuwait_wake_up register_reboot_notifier find_suitable_fallback hugetlb_fault check_object apply_wqattrs_commit kernfs_put acpi_tb_validate_table is_module_text_address do_swap_page early_pfn_to_nid mutex_lock proc_loginuid_write __next_zones_zonelist __trace_bprintk e820__range_add compat_do_ip6t_get_ctl netlink_unicast idr_alloc __alloc_percpu_gfp calculate_sizes acpi_ev_delete_gpe_xrupt security_fs_context_parse_param register_pernet_operations mod_delayed_work_on current_time pcpu_alloc fprop_global_init device_links_read_unlock __mutex_lock_slowpath __ia32_sys_io_submit synchronize_rcu_expedited list_lru_add select_idle_routine group_sched_out __cpuhp_setup_state_cpuslocked pcpu_populate_chunk queue_rcu_work cgroup_finalize_control tracefs_create_dir schedule_preempt_disabled filename_parentat ip_options_get trace_handle_return bitmap_list_string prepare_to_wait_event change_mnt_propagation emergency_restart clockevents_tick_resume get_device acpi_os_read_memory ns_capable tsx_disable device_links_driver_cleanup lookup_module_symbol_name __lock_task_sighand ktime_get_real_seconds cgroup_apply_control __delayacct_thrashing_start __se_sys_setgroups16 crash_smp_send_stop memmap_init __jump_label_update snd_pcm_lib_mmap_iomem audit_serial signal_wake_up_state down_write_killable __irq_put_desc_unlock migrate_prep_local bio_advance __msecs_to_jiffies kzalloc.3638 swp_swap_info wake_up_and_wait_for_irq_thread_ready timer_reduce __irq_set_trigger get_swap_device __ia32_sys_timerfd_settime32 kernfs_remove_by_name_ns sysfs_create_group __put_cred clear_IO_APIC __swap_entry_free __internal_add_timer expand_files rcu_accelerate_cbs rb_next ipc_init_ids region_chg pktsched_init freezing_slow_path print_trailer xlate_dir rcu_segcblist_accelerate __ia32_sys_seccomp set_pte_vaddr sprint_symbol_no_offset cn_cb_equal in_gate_area_no_mm device_release_driver_internal kernfs_remove register_filesystem kernfs_create_dir_ns pwq_dec_nr_in_flight trace_vbprintk perf_trace_init crng_make_state uuid_string has_capability_noaudit put_css_set_locked semctl_stat __dquot_alloc_space vt_event_post __node_distance perf_pmu_register timerqueue_iterate_next __wakeup_flusher_threads_bdi acpi_ut_pop_generic_state __add_to_page_cache_locked phys_pud_init __cpuhp_remove_state perf_event_alloc mutex_lock_killable acpi_hw_write_port get_symbol_pos ___perf_sw_event hugetlb_acct_memory tlb_gather_mmu pm_runtime_remove locks_remove_posix acpi_hw_get_bit_register_info nsec_to_clock_t sysfs_create_groups __ia32_sys_setsockopt radix_tree_iter_tag_clear __free_slab __nodes_weight.14244 __page_mapcount unfreeze_partials acpi_ev_install_sci_handler page_swap_info acpi_write_bit_register alloc_surplus_huge_page rmap_walk_anon format_decode kernel_map_sync_memtype ktime_get path_mountpoint intel_init_lmce clocksource_mark_unstable truncate_cleanup_page get_task_io_context __add_wb_stat bus_remove_device reserve_memtype apply_microcode_early sort delete_node acpi_hw_get_mode __checkparam_dl rcu_report_exp_cpu_mult __put_page set_memory_nx acpi_ut_validate_exception blocking_notifier_chain_register kzalloc.10442 cpumask_next radix_tree_node_alloc hugepage_subpool_put_pages __mutex_init acpi_hw_validate_io_request device_del find_last_bit path_put static_key_count acpi_os_remove_interrupt_handler inode_io_list_del ipc_obtain_object_check __ia32_sys_sethostname acpi_get_table_header css_has_online_children machine_kexec rcu_irq_exit_irqson __dl_clear_params clocksource_arch_init ___slab_alloc vprintk_emit rhashtable_init __zone_watermark_ok defer_console_output attach_entity_load_avg __tasklet_schedule_common tty_set_ldisc kobject_put arch_perf_update_userpage rcu_gp_is_normal _set_memory_wc shmem_swapin_page string_escape_mem mod_node_page_state verify_patch sysfs_create_file_ns lo_compat_ioctl copy_ipcs strcspn insn_get_immediate hide_cursor scsi_cmd_ioctl SEQ_printf __io_queue_sqe scan_microcode show_workqueue_state __kernfs_setattr __text_poke kallsyms_lookup compaction_suitable __mmput __tick_nohz_idle_restart_tick acpi_get_override_irq __alloc_skb rebind_subsystems try_to_free_swap __put_anon_vma region_add tk_setup_internals put_dec print_track mutex_spin_on_owner vma_dup_policy static_key_slow_inc_cpuslocked memblock_alloc_internal count_subheaders size_to_hstate idr_destroy _raw_spin_trylock free_pgtables sb_clear_inode_writeback find_next_zero_bit __show_regs acpi_os_printf __x64_sys_semop refcount_dec_not_one __rq_qos_done rcu_irq_enter_irqson cgroup_apply_cftypes scan_swap_map_slots capable_wrt_inode_uidgid put_task_struct_rcu_user tracing_start_sched_switch acpi_os_create_semaphore free_ipcs acpi_tb_validate_rsdp perf_event_update_userpage __percpu_up_read memparse acpi_ns_local memcmp __register_sysctl_table trace_clock_local copy_creds integrity_inode_free hrtimer_try_to_cancel __mpol_equal css_set_move_task tracing_set_tracer swapcache_prepare netlink_has_listeners sync_rcu_exp_select_cpus audit_get_tty mark_tsc_unstable memunmap irq_chip_pm_get __d_lookup_done __printk_safe_enter put_files_struct vmalloc_sync_unmappings __dev_kfree_skb_any acpi_ns_build_internal_name prot_none_hugetlb_entry timekeeping_update complete put_filesystem x86_family init_wait_entry mnt_change_mountpoint put_links rcu_segcblist_advance vscnprintf laptop_io_completion finish_task_switch ioremap_nocache nf_conntrack_destroy rbt_memtype_check_insert rcu_qs gen_pool_add_owner __detach_mounts propagate_mount_unlock slab_bug __refrigerator timekeeping_notify wait_for_common __mpol_dup io_prep_rw proc_create_single_data sysfs_warn_dup audit_log_start pat_init dev_driver_string sched_clock_cpu dump_stack_print_info abort_creds module_address_lookup numa_default_policy kernfs_setattr device_remove_file schedule_timeout xas_find swap_count_continued set_secondary_fwnode __nlmsg_put acpi_ut_create_update_state_and_push __wb_update_bandwidth read_cache_page __kmalloc_track_caller __update_load_avg_blocked_se proc_mkdir_mode vfs_parse_fs_string acpi_ns_validate_handle acpi_ev_get_gpe_xrupt_block kmem_cache_destroy down inode_add_lru assoc_array_cancel_edit event_sched_out __dev_pm_qos_remove_request ftrace_set_clr_event do_trace_write_msr vma_mmu_pagesize _raw_write_lock anon_inode_getfile get_user_pages_remote acpi_hw_register_write sysfs_remove_groups free_pgd_range _raw_spin_unlock_bh blk_flush_plug_list iput ata_scsi_ioctl intel_init_thermal sk_filter_uncharge blkdev_issue_discard __ia32_sys_acct alloc_fs_context __perf_event_task_sched_out vmalloc_to_page kmem_cache_alloc free_buffer_head swake_up_one insn_get_length device_links_read_lock exit_thread __ia32_compat_sys_mbind lru_cache_add_anon load_mm_ldt.4450 do_compat_fcntl64 kfree strcpy wake_up_bit set_tracer_flag arch_smt_update acpi_ev_create_gpe_block down_trylock check_irq_resend cpumask_weight device_remove_groups strsep __sbitmap_queue_get msleep krealloc exit_files try_to_unmap_flush_dirty css_populate_dir ring_buffer_record_enable account_kernel_stack sysfs_remove_file_ns follow_hugetlb_page tick_oneshot_mode_active bio_put tick_setup_periodic static_protections kernfs_notify switch_mm_irqs_off kill_fasync rhashtable_destroy kmem_cache_create get_next_ino __ia32_sys_swapoff vprintk_func d_set_d_op xas_init_marks unlink_anon_vmas acpi_enable_subsystem vm_munmap acpi_ns_walk_namespace on_each_cpu __warn_printk mac_address_string show_mem free_vmap_area_noflush propagate_entity_load_avg check_tsc_unstable queue_stop_cpus_work zone_reclaimable_pages try_to_wake_up idr_alloc_cyclic sysfs_delete_link synchronize_sched_expedited_wait assoc_array_insert_set_object ring_buffer_normalize_time_stamp netlink_trim __pti_set_user_pgtbl alloc_pages_vma io_write acpi_hw_write tick_nohz_idle_enter find_first_bit unmap_mapping_pages skb_tstamp_tx idt_setup_from_table set_memory_4k mutex_is_locked kzalloc.25430 sysfs_do_create_link_sd rcu_exp_wait_wake load_ucode_ap pmd_free_pte_page cpuset_mems_allowed unlock_page __hrtimer_start_range_ns trace_printk_control wakeup_flusher_threads mntput init_cgroup_root __vma_link_list find_vm_area tty_open swap_duplicate __note_gp_changes mce_available key_alloc sysfs_slab_release _raw_spin_lock_bh unmap_vmas bit_waitqueue acpi_os_write_port init_and_link_css audit_panic timekeeping_suspend rhashtable_free_and_destroy kmem_cache_create_usercopy rwsem_down_read_slowpath __key_link_lock cgroup_setup_root __ftrace_set_clr_event_nolock sched_clock_tick memblock_free get_fixed_ranges __printk_safe_exit try_to_unmap_flush acpi_ns_remove_node blk_queue_exit do_smart_update ntp_clear mutex_unlock sysfs_remove_group __bitmap_clear tty_jobctrl_ioctl __put_net tsc_enable_sched_clock pcpu_free_area alloc_large_system_hash vfree_atomic add_swap_count_continuation hard_smp_processor_id kernfs_destroy_root restore_boot_irq_mode threshold_restart_bank vfs_removexattr d_instantiate msi_create_irq_domain bd_forget __irq_domain_alloc_fwnode trace_print_bputs_msg_only init_dl_bw audit_kill_trees arch_jump_label_transform_queue __srcu_read_lock acpi_ut_valid_object_type remove_wait_queue kobject_init efi_update_mappings new_inode kmsg_read __vunmap put_and_wait_on_page_locked arch_jump_label_transform_static blk_rq_init set_direct_map_default_noflush cgroup_rstat_init printk ktime_get_mono_fast_ns kernel_text_address irq_pm_remove_action tracefs_create_file strcmp workqueue_sysfs_register audit_remove_mark tick_resume_oneshot put_pid_ns __x64_sys_getxattr sort_extable wakeup_kcompactd blk_mq_sched_mark_restart_hctx _dev_warn static_key_slow_inc unregister_sysctl_table sched_clock_stable timekeeping_resume device_pm_check_callbacks create_setparam irq_init_percpu_irqstack __acpi_unmap_table disable_err_thresholding perf_output_copy prepare_to_wait_exclusive bus_for_each_drv mpol_shared_policy_lookup do_symlink __init_waitqueue_head proc_create_data remove_hrtimer wait_on_page_bit clockevents_program_event __nodes_weight mp_find_ioapic alloc_pages_current __ptrace_link warn_alloc __ia32_sys_setpriority cpuidle_get_cpu_driver cache_from_obj vfs_parse_fs_param handle_mm_fault key_user_lookup calc_global_load ktime_get_with_offset mce_gen_pool_add radix_tree_extend stop_machine key_payload_reserve inactive_list_is_low stop_machine_cpuslocked on_each_cpu_cond rcu_segcblist_pend_cbs shrink_active_list simple_strtoul compat_ksys_semtimedop security_sb_set_mnt_opts huge_node acpi_os_allocate_zeroed copy_tree rcu_sync_enter _parse_integer_fixup_radix __wake_up_pollfree acpi_install_fixed_event_handler get_stack_info internal_create_group __ia32_sys_mlock2 ext4_should_retry_alloc do_set_mempolicy audit_log_key gen_pool_alloc_algo_owner mpc_ioapic_id simple_strtoull mask_irq __e820__range_add cgroup_propagate_control async_synchronize_full clocksource_select_watchdog __create_dir i915_gem_userptr_dmabuf_export get_gate_vma unix_compat_ioctl get_vfs_caps_from_disk parse_options.31906 irq_domain_update_bus_token timekeeping_max_deferment trace_print_bprintk_msg_only free_area_init_node strchrnul __x64_sys_timerfd_create _raw_read_lock apply_alternatives initialize_tlbstate_and_flush __mmdrop acpi_put_table __x64_sys_ioprio_set static_key_disable_cpuslocked register_pm_notifier dput_to_list register_lapic_address __irq_set_affinity unwind_next_frame vmalloc_sync_mappings netif_skb_features irq_do_set_affinity nsecs_to_jiffies64 __memblock_find_range_bottom_up writeback_single_inode arch_cpu_idle_exit machine_crash_shutdown srcu_gp_start mce_setup e820__range_remove svc_tcp_create x86_match_cpu I_BDEV follow_huge_pud tick_nohz_tick_stopped kzalloc.67123 __tasklet_schedule acpi_os_table_override ioremap_cache __x64_sys_sched_setaffinity acpi_ns_handle_to_pathname ext4_ioctl add_wait_queue_exclusive simple_strtol rcu_is_watching put_ctx register_irq_proc device_get_devnode __down_timeout acpi_os_delete_semaphore acpi_ut_acquire_mutex rcu_nmi_enter acpi_pm_read_verified acpi_os_wait_semaphore mce_amd_feature_init acpi_ut_delete_generic_state __thaw_task slab_fix hrtimer_start_range_ns clocksource_default_clock inode_has_buffers irq_work_needs_cpu pcpu_get_vm_areas domain_dirty_limits __ia32_compat_sys_sched_setaffinity __dec_zone_state __kmem_cache_alias find_next_and_bit lookup_one_len_common task_curr blk_mq_get_tag chacha_permute queue_delayed_work_on setup_net acpi_ns_get_type __register_sysctl_paths fc_mount free_nsproxy sbitmap_finish_wait acpi_os_release_object __kmalloc_node add_wait_queue wake_up_nohz_cpu proc_mkdir profile_init fsnotify_free_mark down_write arch_dup_task_struct key_remove_domain acpi_ut_release_mutex cgroup_migrate_execute skb_panic acpi_ut_allocate_object_desc_dbg kthread_data down_read __ia32_sys_msgctl device_initial_probe lockref_put_or_lock unregister_shrinker kobject_del find_get_pages_range_tag pgd_free xas_set_mark __se_sys_msgctl __percpu_counter_init strlen __next_mem_pfn_range set_rq_online do_writepages early_enable_events mmput kmsg_open purge_fragmented_blocks_allcpus efi_mem_reserve trace_console_rcuidle get_order.14439 acpi_ns_get_node flush_workqueue __writeback_single_inode migration_entry_wait net_disable_timestamp audit_watch_compare tick_clock_notify sum_zone_node_page_state driver_bound copy_process strim find_get_entry pmd_huge rb_erase __key_link kthread_probe_data __init_rwsem migrate_page_copy perf_iterate_sb _dev_info setup_APIC_eilvt drm_ioctl acpi_table_initrd_scan __var_waitqueue try_to_free_buffers anon_vma_clone perf_event_free_task __key_link_end cgroup_apply_control_enable acpi_ds_scope_stack_push deferred_error_interrupt_enable acpi_ns_attach_object unmap_mapping_page access_process_vm blocking_notifier_call_chain shrink_dcache_parent sprintf __access_remote_vm __mmu_notifier_invalidate_range_start acpi_format_exception get_mm_exe_file __udelay set_page_dirty_lock sysfs_merge_group acpi_hw_read_multiple audit_log_d_path cpuidle_reflect __x64_sys_fcntl unregister_handler_proc __page_cache_alloc __pm_runtime_resume ring_buffer_free audit_log_n_hex _parse_integer_limit memblock_reserve send_sig __ia32_sys_renameat pid_nr_ns io_sq_wq_submit_work _cond_resched strnlen_user cleanup_mnt device_bind_driver vm_stat_account bitmap_onto dl_param_changed acpi_os_read_port alloc_file_pseudo mq_init_ns usbdev_mmap clear_IO_APIC_pin __swap_entry_free_locked putback_active_hugepage try_module_get free_cgroup_ns __x64_sys_init_module alloc_vmap_area acpi_ns_search_and_enter device_initialize irq_work_sync mpol_set_nodemask __qdisc_run tracepoint_probe_register alloc_set_pte security_prepare_creds strreplace proc_symlink kick_process panic __xfrm_state_destroy __isolate_lru_page replace_chunk __ia32_sys_rt_tgsigqueueinfo _free_event anon_vma_fork fsnotify_recalc_mask local_bh_enable sysfs_slab_unlink __ia32_sys_fsmount refcount_dec_and_lock_irqsave exit_io_context lookup_address_in_pgd __cpuhp_state_add_instance acpi_ut_push_generic_state call_usermodehelper_exec_work kvasprintf trace_find_tgid __kernel_physical_mapping_init __cpuhp_remove_state_cpuslocked __mod_timer get_unused_fd_flags invoke_rcu_core lru_add_drain_cpu irq_chip_pm_put memremap node_page_state xmit_one do_syscall_64 __update_load_avg_se page_mapping wb_stat_error kcalloc.13679 skb_push find_next_bit __add_preferred_console bdev_read_page kobject_set_name pid_vnr proc_free_inum ktime_get_update_offsets_now vmap_page_range_noflush name_to_int save_microcode_patch cancel_work_sync security_inode_free scnprintf nr_free_buffer_pages __is_insn_slot_addr cpuhp_invoke_callback unregister_console cleanup_glue_dir mix_pool_bytes hrtimer_cancel __cancel_dirty_page memblock_setclr_flag acct_clear_integrals queue_work_on pcpu_mem_zalloc rcu_force_quiescent_state audit_log_n_untrustedstring kblockd_mod_delayed_work_on ipv4_link_failure acpi_ex_unlink_mutex vfs_setxattr perf_event_namespaces __d_lookup wb_wakeup_delayed __cancel_work_timer tty_name kobject_cleanup smca_set_misc_banks_map namespace_unlock ihold acpi_ut_validate_buffer kernfs_find_and_get_ns __next_node add_taint acpi_tb_put_table mp_override_legacy_irq fprop_fraction_percpu check_multiple_madt flow_dissector_func_proto wait_for_completion audit_ctl_unlock sync_rcu_exp_select_node_cpus perform_atomic_semop mtrr_attrib_to_str acpi_ut_remove_reference request_threaded_irq __e820__range_update ring_buffer_read __vfs_setxattr_locked int_sqrt d_invalidate kobj_map_init acpi_ut_get_descriptor_name trace_set_options rht_key_hashfn.59639 __x64_sys_msgsnd __alloc_file acpi_tb_install_standard_table acpi_os_map_iomem free_pud_range __acpi_osi_setup_darwin register_die_notifier snd_pcm_lib_default_mmap audit_string_contains_control acpi_ns_detach_object do_rt_tgsigqueueinfo list_del_event acpi_os_release_lock sbitmap_queue_clear shrink_zones acpi_bind_one post_set blk_mq_poll_stats_bkt pde_put post_init_entity_util_avg tty_kref_put cpudl_init wakeup_sysfs_add sched_clock_idle_sleep_event add_event_to_ctx update_wall_time ip_options_get_from_user trace_printk_init_buffers __x64_sys_msgget task_active_pid_ns device_add_groups vfs_getxattr migrate_page_states setup_earlycon devtmpfs_create_node groups_search keyring_alloc _set_memory_uc shmem_getpage_gfp svc_udp_create exit_task_namespaces bus_probe_device set_page_dirty __wait_rcu_gp cpus_read_lock cond_synchronize_rcu proc_entry_rundown clocks_calc_mult_shift posix_acl_permission proc_remove task_participate_group_stop __vmalloc_node_range determine_cpu_tsc_frequencies __vma_rb_erase async_schedule_node tty_ldisc_init kobj_ns_ops recalc_sigpending __x64_sys_rename get_task_pid prepare_set dmi_match pm_qos_sysfs_remove_flags simple_pin_fs __synchronize_srcu ring_buffer_record_disable numa_nodemask_from_meminfo put_mnt_ns subtract_range find_lock_entry idr_remove acpi_ns_delete_node unmap_region exit_mmap acpi_exception xas_store __anon_vma_prepare firmware_map_add_entry acpi_ns_get_node_unlocked put_mountpoint put_io_context efi_runtime_disabled radix_tree_node_rcu_free audit_log_untrustedstring rcu_start_this_gp __lookup_mnt key_schedule_gc_links __se_sys_mremap user_disable_single_step percpu_ref_init acpi_ut_create_internal_object_dbg vm_brk_flags __seccomp_filter wait_for_common_io alloc_pages_exact __schedule schedule_timeout_uninterruptible alloc_fdtable radix_tree_insert mce_gen_pool_empty security_task_getsecid kvfree current_cpuset_is_being_rebound __unwind_start vfs_rmdir __netif_schedule security_file_send_sigiotask remove_proc_subtree ___xfrm_state_destroy cgroup_update_frozen get_acl fprop_reflect_period_percpu balance_dirty_pages_ratelimited bad_page __se_sys_prctl __call_srcu irq_shutdown trace_buffered_event_disable __cond_resched_lock write_inode_now cpu_idle_poll acpi_sci_ioapic_setup acpi_ns_get_secondary_object blk_partition_remap _raw_read_lock_irqsave prot_none_pte_entry tk_set_wall_to_mono seq_buf_putc apply_workqueue_attrs_locked acpi_ns_opens_scope acpi_ev_delete_gpe_block get_random_bytes __mutex_lock page_is_ram syscall_init mtrr_type_lookup get_task_mm ksys_msgsnd ext4_fallocate alloc_file acpi_ns_search_one_scope irq_domain_deactivate_irq flush_tlb_mm_range install_thread_keyring_to_cred perf_lock_task_context _raw_read_unlock_irqrestore generic_make_request kthread_create_on_node rmap_walk_file __change_page_attr_set_clr rt_mutex_adjust_pi radix_tree_next_chunk is_bad_inode move_queued_task lruvec_lru_size special_hex_number ring_buffer_time_stamp register_pernet_subsys __e820__mapped_all d_path strncpy_from_user mp_find_ioapic_pin free_reserved_area klist_iter_init_node _copy_from_user new_inode_pseudo dup_fd __get_vm_area_node track_pfn_copy d_delete match_string get_option __percpu_down_read try_to_grab_pending __x64_sys_sched_setattr uart_parse_earlycon set_tls_desc percpu_down_write add_tracer_options __pagevec_release cpuset_nodemask_valid_mems_allowed __virt_addr_valid __call_rcu fd_install cgroup_enter_frozen blk_poll inat_get_opcode_attribute set_task_rq_fair do_msgsnd alloc_empty_file acpi_tb_uninstall_table acpi_os_map_memory acpi_osi_setup shrink_node cpumask_weight.9962 sg_ioctl _raw_read_unlock_bh acpi_unbind_one fpu__drop __dev_queue_xmit __delayacct_blkio_end free_pid siphash_1u64 update_cache_mode_entry security_inode_permission in_group_p generic_exec_single resched_curr __x64_sys_renameat rcu_segcblist_enqueue pid_task errseq_sample strnlen __mpol_put ida_alloc_range rpm_idle down_read_killable kmalloc_order_trace do_set_thread_area acpi_table_parse_madt cpupri_init xs_tcp_setup_socket __netlink_lookup hrtimer_active account_page_cleaned kobject_set_name_vargs cgroup_cancel_fork snprintf device_set_wakeup_capable acpi_table_parse acpi_ut_create_generic_state idr_preload audit_gid_comparator finish_swait drain_all_pages clocksource_suspend cgroup1_check_for_release shrink_lock_dentry __flush_work compaction_zonelist_suitable kernfs_path_from_node __first_node fold_diff xs_tcp_send_request key_set_index_key kzalloc.11663 _raw_spin_lock submit_bio timerqueue_add cn_netlink_send irq_set_affinity_locked do_pipe_flags select_fallback_rq __ns_get_path init_scattered_cpuid_features pit_hpet_ptimer_calibrate_cpu queue_work_node __set_cyc2ns_scale klist_add_tail synchronize_rcu wakeup_source_deactivate copy_fs_struct blk_stat_add_callback cn_netlink_send_mult security_capable up_read do_pipe2 activate_task jiffies_to_msecs acpi_tb_init_table_descriptor ns_get_path assoc_array_apply_edit locks_get_lock_context __get_free_pages __delayacct_freepages_start posix_lock_inode close_pdeo user_path_mountpoint_at __clocksource_update_freq_scale fsnotify_detach_mark calibrate_delay_is_known device_wakeup_disable smp_call_function_many rcu_note_context_switch kernfs_link_sibling memcpy_fromio __ia32_sys_setgroups16 ipv6_flowlabel_opt ktime_get_coarse_real_ts64 __bio_add_page __remove_mapping efi_mem_desc_lookup dput create_new_namespaces kill_rules xs_tcp_set_socket_timeouts vmf_insert_mixed netlink_attachskb oom_adj_write inc_node_page_state acpi_ut_get_node_name get_pfn_range_for_nid slab_unmergeable __do_once_done audit_log_n_string perf_try_init_event cpuidle_enter prepare_creds acpi_tb_get_next_table_descriptor dump_stack klist_node_attached fat_generic_compat_ioctl __get_task_comm device_release_driver print_tickdevice hrtimer_init wakeup_source_sysfs_add sched_ttwu_pending reweight_task read_current_timer ip6_addr_string ring_buffer_size __device_attach xs_udp_setup_socket refresh_cpu_vm_stats perf_group_detach migrate_pages acpi_ut_delete_object_desc mlock_vma_page __mcheck_cpu_cap_init tracepoint_probe_register_prio memblock_remove_region __ia32_sys_epoll_ctl gcd __xa_clear_mark rcu_irq_enter find_mergeable refcount_warn_saturate end_page_writeback free_memtype hpet_readl copy_net_ns wake_up_page_bit prandom_u32 rq_attach_root pm_suspended_storage wakeup_source_unregister apply_wqattrs_prepare get_cpu_cap clear_cpu_cap bitmap_zalloc read_pci_config ring_buffer_empty_cpu xa_load __flip_bit e820__mapped_all first_online_pgdat tty_ldisc_reinit __ia32_sys_clone ptrace_trap_notify vsnprintf fsnotify find_microcode_in_initrd drain_local_pages is_hpet_enabled dentry_unlink_inode lapic_get_maxlvt mqueue_create __const_udelay vmap __x64_sys_setfsuid __reset_isolation_pfn __mod_zone_page_state skb_network_protocol __x64_sys_setfsuid16 wakeup_sysfs_remove tracepoint_probe_unregister pointer machine_check_poll __free_one_page tick_program_event __mcheck_cpu_init_clear_banks tlb_finish_mmu allocate_trace_buffers x86_init_rdrand schedule_hrtimeout_range_clock schedule_hrtimeout umount_tree __ia32_sys_delete_module kthread_should_stop PageHuge flush_tlb_kernel_range early_memremap_prot atomic_notifier_chain_register __pskb_pull_tail fs_context_for_mount wq_worker_sleeping __next_mem_range acpi_tb_install_table_with_override tracing_reset_online_cpus sock_zerocopy_alloc early_printk llist_add_batch shm_init_ns kmalloc_slab get_slabinfo device_register pti_clone_pgtable __ia32_compat_sys_mq_open kmalloc_array.10495 zone_spanned_pages_in_node efi_mem_type __x64_sys_setreuid out_of_memory pat_disable acpi_ut_add_reference cgroup_migrate_prepare_dst acpi_os_stall memblock_remove_range acpi_enable xas_find_marked syscall_trace_enter filemap_fdatawait_range __update_load_avg_cfs_rq page_mapped cpuset_mem_spread_node note_gp_changes x86_configure_nx do_send_sig_info node_random audit_filter fpstate_init nr_context_switches path_get find_first_zero_bit __x64_sys_clone complete_signal stop_one_cpu e820__mapped_any security_task_setscheduler __printk_ratelimit rt_mutex_adjust_prio_chain set_memory_uc release_nodes ioremap_page_range perf_output_begin putback_lru_page klist_remove __setup_irq __set_task_comm kasprintf inet6_bind swapin_readahead remove_vm_area seq_buf_vprintf kzalloc.22360 release_pages hrtimer_init_sleeper __ia32_compat_sys_shmctl reweight_entity init_wait_var_entry __blk_mq_delay_run_hw_queue destroy_worker acpi_os_allocate_zeroed.29144 acpi_ev_initialize_events mce_read_aux tick_do_update_jiffies64 put_unbound_pool alloc_unbound_pwq reuseport_detach_sock mp_save_irq klist_next pm_qos_update_target swap_do_scheduled_discard apply_wqattrs_cleanup acpi_ns_internalize_name static_key_disable cpus_read_unlock unregister_filesystem __kernfs_remove alloc_desc acpi_ns_lookup __fprop_inc_percpu_max drain_slots_cache_cpu vsprintf enter_lazy_tlb pfn_range_is_mapped kfree_call_rcu housekeeping_cpumask cpuidle_not_available e820_end_pfn should_failslab get_task_exe_file _raw_spin_unlock_irqrestore _atomic_dec_and_lock do_trace_read_msr page_anon_vma rb_event_length __kernfs_new_node atomic_notifier_call_chain create_worker wait_iff_congested mutex_trylock key_schedule_gc sem_exit_ns cpumask_weight.6677 groups_free pagevec_lookup_range_tag do_tkill log_buf_len_update __secure_computing __vma_link_rb calculate_node_totalpages rbt_memtype_lookup ext4_create strncpy pagevec_remove_exceptionals acpi_locate_initial_tables ioremap_change_attr get_builtin_firmware sysfs_remove_link call_rcu zone_watermark_ok __xas_next acpi_os_write_memory prepend_path do_try_to_free_pages balance_dirty_pages set_intr_gate d_alloc_parallel reserve_pfn_range dnotify_flush ip_setsockopt security_inode_getsecid hugetlb_total_pages flags_string fsnotify_find_mark __dquot_transfer sysfs_slab_add _raw_spin_lock_irq identify_cpu __x64_sys_setsockopt __radix_tree_replace get_random_u64 slab_is_available copy_semundo __next_node_in isolate_movable_page __vfs_getxattr migrate_page_move_mapping task_set_jobctl_pending kobject_uevent_env wait_for_completion_killable acpi_table_parse_entries_array tsx_enable __wake_up_locked dev_queue_xmit fragmentation_index get_callchain_buffers alloc_workqueue get_partial_node console_trylock acpi_get_name wait_for_device_probe vprintk acpi_os_signal_semaphore bpf_prog_destroy hrtimers_resume __ia32_sys_fspick lockref_get free_pcp_prepare signalfd_cleanup memblock_find_in_range __pm_runtime_idle ring_buffer_event_length __se_sys_sched_setattr free_contig_range alloc_chunk ktime_get_real_ts64 queued_write_lock_slowpath get_cpu_entry_area vm_area_free sysfs_notify __static_key_slow_dec wake_up_process security_file_alloc acpi_tb_get_table lsm_append lru_add_drain rb_first ip6_string rb_set_head_page pud_huge __rb_insert_augmented d_walk audit_log_task_info exp_funnel_lock __vmalloc pat_bsp_init k8_check_syscfg_dram_mod_en __wake_up_sync_key alloc_low_pages cpu_smt_disable locks_free_lock_context part_dec_in_flight swapcache_free_entries xas_clear_mark wake_q_add_safe bitmap_alloc using_native_sched_clock unblank_screen __radix_tree_delete strlcpy e820_print_type init_dl_task_timer static_key_slow_dec tag_pages_for_writeback congestion_wait __percpu_init_rwsem free_uid hw_breakpoint_restore list_lru_del map_kernel_range_noflush tracing_set_clock wake_up_klogd simple_release_fs mempolicy_nodemask_intersects __x64_sys_seccomp __x64_sys_sched_setparam sync_global_pgds_l4 __lookup_slow early_ioremap get_xsave_addr __cpuhp_state_remove_instance plist_requeue show_iret_regs extend_brk iounmap mce_register_decode_chain sysctl_err __skb_gso_segment __se_sys_brk tsc_store_and_check_tsc_adjust vm_normal_page kmem_cache_free acpi_ut_update_object_reference audit_log_end do_shrink_slab msr_clear_bit clockevents_shutdown clear_sched_clock_stable allocate_probes strnchr filter_cpuid_features vma_interval_tree_iter_first flush_tlb_func_common idr_replace native_write_cr4 __do_pipe_flags set_task_cpu arch_get_random_long ip4_string raise_softirq_irqoff ring_buffer_reset_cpu __kernfs_create_file __skb_flow_dissect __x64_sys_ioperm bitmap_fold auditd_test_task device_pm_sleep_init memblock_alloc_try_nid_raw __proc_create io_schedule_timeout strrchr vprintk_deferred rpm_suspend tick_get_broadcast_mask acpi_ut_get_type_name disable_irq_nosync __ia32_sys_msgsnd nla_put_64bit pagevec_lookup_entries __rb_erase_color acpi_ev_init_global_lock_handler security_sock_rcv_skb allow_direct_reclaim migration_entry_wait_huge early_pci_allowed mempolicy_slab_node rb_insert_color __clockevents_switch_state security_sk_free kern_path_create intel_ppin_init rb_prev optimize_nops osq_lock io_submit_one cpu_bugs_smt_update dequeue_huge_page_nodemask audit_tree_lookup __x64_sys_io_submit pm_qos_read_value trace_find_cmdline __cpuhp_setup_state netlink_broadcast sysfs_remove_dir audit_log_task_context wait_on_page_bit_common proc_create_seq_private up_write ip6_addr_string_sa rb_update_pages rcu_barrier munlock_vma_pages_range acpi_read_bit_register acpi_tb_verify_checksum update_and_free_page __filemap_fdatawait_range __fsnotify_vfsmount_delete bio_add_page ctx_sched_out jiffies_to_usecs vma_interval_tree_iter_next blk_mq_sched_insert_request file_update_time __pmd_alloc kzalloc.58470 acpi_ev_install_xrupt_handlers acpi_ns_externalize_name overlap_memmap_init jump_label_update __irq_get_desc_lock acpi_warning __split_vma nlmsg_notify __get_locked_pte init_espfix_ap acpi_error acpi_os_vprintf kern_unmount sysctl_print_dir __ia32_sys_msgget put_pid __x64_sys_lookup_dcookie extract_entropy fsnotify_get_mark cgroup_leave_frozen prepare_to_swait_event task_work_add shrink_dentry_list set_fs_root tick_get_device kexec_crash_loaded fill_pud set_normalized_timespec64 kernfs_create_link tick_get_broadcast_device is_subdir set_fs_pwd __set_pte_vaddr __skb_checksum acpi_ut_valid_nameseg klist_init native_set_fixmap free_area_init_core activate_page unmap_mapping_range __x64_sys_fork kobject_create_and_add prepare_signal move_pages_to_lru cpumask_next_and __ring_buffer_alloc __mod_node_page_state follow_invalidate_pte netdev_pick_tx kernfs_find_ns cgroup_freezing msgctl_stat set_rq_offline __percpu_counter_compare wp_page_copy __pageblock_pfn_to_page try_to_release_page __inc_zone_state __x64_sys_vfork __sigqueue_alloc kobject_add isolate_lru_page to_ratio __page_file_index acpi_initialize_tables rcu_nmi_exit __do_once_start call_srcu cgroup_post_fork __key_instantiate_and_link get_device_parent __lock_page dev_set_name early_memunmap skb_copy_ubufs put_device timerqueue_del pmu_dev_alloc inode_init_always __mutex_unlock_slowpath errseq_set switch_mm shrink_page_list kobject_get __send_signal kernel_thread bcmp early_iounmap kmem_cache_flags sbitmap_any_bit_set __ia32_sys_ioperm audit_ctl_lock task_join_group_stop compute_shiftstate iomem_map_sanity_check __pm_runtime_barrier __setparam_dl lockref_get_not_dead free_unref_page rcu_cpu_starting spp_getpage drop_sysctl_table memblock_alloc_try_nid __alloc_percpu finish_wait __ia32_sys_io_uring_enter parse_args microcode_sanity_check radix_tree_lookup print_cpu do_update_region free_irq do_unblank_screen __ia32_sys_fsconfig sort_r __alloc_pages_nodemask prune_tree_chunks sysfs_create_mount_point zone_pcp_init list_sort acpi_ut_valid_internal_object pagevec_lru_move_fn list_lru_destroy early_memremap compat_ksys_old_shmctl __printk_safe_flush pskb_expand_head map_swap_page autofs_root_ioctl __pm_runtime_disable __x64_sys_setresuid unmap_kernel_range_noflush oom_kill_process flush_work calibrate_delay set_direct_map_invalid_noflush native_write_cr0 __delay kprobe_flush_task cgroup_update_populated escaped_string print_tainted next_online_pgdat next_zone kern_path_mountpoint mce_intel_feature_init add_timer audit_log_exit ___ratelimit destroy_context_ldt uprobe_write_opcode get_pfnblock_flags_mask cgroup_file_notify __ftrace_vbprintk e820__update_table hex_dump_to_buffer blk_finish_plug user_path_at_empty sched_fork acpi_os_acquire_lock kmem_cache_alloc_node_trace put_fs_context __x64_sys_prctl init_srcu_struct_fields svc_setup_socket __free_pages_ok sock_filter_func_proto acpi_hw_read_port do_setlink region_del acpi_ut_get_mutex_name __srcu_read_unlock rcu_irq_exit device_remove_properties truncate_inode_pages_final perf_event_fork skb_under_panic init_srcu_struct __se_sys_shmctl __skb_ext_put __kthread_should_park region_intersects shmem_listxattr __ia32_sys_setregid sbitmap_get oom_badness __ia32_sys_fsopen si_mem_available retrigger_next_event update_io_ticks do_page_fault skip_spaces xas_pause insert_resource security_d_instantiate percpu_counter_add_batch x86_model complete_all get_filesystem sched_clock_idle_wakeup_event ktime_get_seconds rb_allocate_cpu_buffer cpumask_any_but __d_alloc irq_to_desc put_dec_full8 percpu_ref_exit sysfs_add_file_mode_ns mq_clear_sbinfo ip4_addr_string ring_buffer_resize __local_bh_enable_ip acpi_hw_validate_register core_kernel_text acpi_hw_set_mode print_hex_dump ptrace_notify __delayacct_blkio_start send_sigio_to_task __task_pid_nr_ns cgroup_addrm_files lookup_one_len_unlocked cmci_discover audit_filter_rules del_timer_sync ptrace_stop do_notify_parent_cldstop ip6_compressed_string rb_check_pages kernfs_drain_open_files hrtimer_sleeper_start_expires mntput_no_expire deactivate_super deactivate_locked_super stack_trace_save ring_buffer_consume downgrade_write exit_fs profile_handoff_task __put_super skip_atoi security_sb_free fsnotify_destroy_marks clean_path wake_up_var __tlb_remove_page_size perf_swevent_event shrink_inactive_list fsnotify_put_mark housekeeping_any_cpu refcount_dec_and_lock device_node_string fsnotify_grab_connector pr_cont_kernfs_name calc_load_nohz_start kmem_cache_alloc_trace fsnotify_put_group __ia32_compat_sys_migrate_pages lru_cache_add _raw_write_lock_irq pin_kill __x64_sys_fsconfig free_pcppages_bulk add_timer_on __audit_free device_create_file __filemap_set_wb_err async_synchronize_cookie_domain rpm_resume swap_cluster_readahead do_idle unreserve_highatomic_pageblock enable_irq inode_permission irq_startup ida_free insn_get_modrm sk_filter_func_proto __lookup_constant __free_irq irq_disable cpumask_weight.5681 trace_rpm_resume_rcuidle __kthread_create_on_node __key_link_begin _set_memory_wb shmem_read_mapping_page_gfp __ia32_sys_setgroups tty_audit_fork pm_qos_sysfs_remove_resume_latency static_key_enable_cpuslocked pageset_set_high_and_batch static_key_enable zone_batchsize kzalloc.17476 clone_mnt acpi_ns_get_internal_name_length strncmp free_debug_processing on_freelist __x64_sys_timerfd_settime blk_start_plug memblock_add_range __vma_adjust put_seccomp_filter rht_bucket_nested check_slab arch_stack_walk irq_setup_affinity unwind_get_return_address sock_ops_func_proto __radix_tree_lookup audit_compare_dname_path cmci_recheck _raw_spin_lock_irqsave up vbin_printf raise_softirq process_random_ready_list strchr tracing_start_tgid_record blk_mq_run_hw_queue __ioremap_caller __ia32_sys_mkdirat __mark_inode_dirty prctl_set_seccomp free_percpu vunmap_page_range free_kthread_struct device_links_busy gen_pool_destroy cpu_startup_entry kthread_unpark __ia32_compat_sys_lookup_dcookie wait_task_inactive __pte_alloc add_uevent_var add_to_avail_list plist_add read_pci_config_byte putback_movable_pages __delete_from_page_cache __x64_sys_shmctl tcp_get_timestamping_opt_stats skb_release_data shmem_mapping cg_skb_func_proto clear_huge_page time_and_date page_mkclean perf_event__output_id_sample find_task_by_pid_ns __x64_sys_tkill add_to_swap_cache xas_create_range put_swap_page set_memory_rw apply_constraint find_get_entries arch_irq_work_raise show_trace_log_lvl plist_del tick_nohz_idle_exit __wake_up file_ns_capable __sched_setscheduler setup_clear_cpu_cap register_sysctl_table kern_mount __vm_enough_memory dump_page clear_inode __clocksource_register_scale truncate_inode_pages_range wait_on_page_writeback pagecache_get_page add_to_page_cache_lru get_zeroed_page __inc_node_page_state remap_pfn_range bdev_read_only __sys_setsockopt radix_tree_iter_replace get_random_u32 exit_sem __ia32_sys_getxattr vmacache_update blake2s_update mark_page_accessed vzalloc_node ring_buffer_overruns x86_stepping proc_register io_schedule generic_make_request_checks cpuidle_find_deepest_state alloc_perf_context do_read_cache_page do_timer proc_alloc_inum __dec_node_state dup_mmap tty_register_ldisc kobject_init_and_add acpi_find_root_pointer device_unregister security_secid_to_secctx __blk_mq_end_request blk_mq_free_request __blk_mq_free_request blk_mq_sched_restart chacha_block blk_mq_put_tag __audit_inode_child mod_timer tick_get_broadcast_oneshot_mask blk_update_request __ia32_sys_fremovexattr cpuset_mems_allowed_intersects blk_recalc_rq_segments blk_dump_rq_flags __down_read tsk_fork_get_node bio_endio blk_status_to_errno __blk_mq_try_issue_directly wake_q_add blk_insert_flush __blk_mq_requeue_request set_memory_x kernfs_get acpi_hw_disable_gpe_block put_pwq_unlocked lwt_out_func_proto acpi_hw_register_read get_swap_page acpi_os_unmap_iomem module_put propagate_umount compact_zone locks_release_private isolate_migratepages_block compact_finished locks_unlink_lock_ctx __blkdev_issue_discard __ksize irq_work_queue __percpu_ref_switch_mode insert_header skb_crc32c_csum_help acpi_tb_resize_root_table_list acpi_tb_invalidate_table clear_page_dirty_for_io bus_add_device sched_numa_find_closest acpi_bios_error __x64_sys_msgctl __percpu_counter_sum print_modules __x64_sys_kexec_load dmi_check_system dmi_matches percpu_ref_kill_and_confirm open_softirq ring_buffer_record_off kmem_cache_alloc_node efi_arch_mem_reserve bio_alloc_bioset memchr_inv local_bh_enable.58714 trace_seq_putc ext4_alloc_file_blocks mempool_free atomic_dec_and_mutex_lock mntget irq_domain_activate_irq mm_init.4797 acpi_hw_write_multiple submit_bio_wait path_openat init_rescuer wait_for_completion_io blk_queue_enter bio_devname bio_chain mempool_alloc security_release_secctx __wake_up_parent kfree_const move_hugetlb_state install_breakpoint skb_copy_bits kobject_uevent map_ldt_struct fput raw_notifier_call_chain unmap_single_vma free_swap_and_cache try_to_unmap rb_advance_reader rb_get_reader_page page_remove_rmap hw_breakpoint_event_init free_pages schedule __dec_node_page_state mcheck_cpu_init tracepoint_add_func is_swbp_insn set_pfnblock_flags_mask key_instantiate_and_link follow_page sbitmap_prepare_to_wait arch_vma_name __oom_reap_task_mm synchronize_srcu kobject_get_ownership trace_rpm_return_int_rcuidle printk_safe_flush ___pskb_trim lockdep_assert_cpus_held show_state_filter kmsg_dump vzalloc destroy_workqueue get_cached_acl_rcu idr_get_next kthread_stop drain_workqueue pwq_adjust_max_active tlb_flush_mmu __mmu_notifier_invalidate_range_end __perf_event_account_interrupt ring_buffer_attach housekeeping_test_cpu zap_page_range_single __x64_sys_brk irq_domain_create_hierarchy __memblock_free_late get_seccomp_filter __free_pages_core fault_dirty_shared_page __disk_get_part scan_containers __se_sys_io_submit pm_qos_update_flags audit_put_chunk __ia32_sys_kexec_load acpi_ut_get_event_name acpi_enable_event acpi_clear_event __jump_label_transform text_poke_bp vma_interval_tree_insert_after blk_mq_sched_insert_requests acpi_tb_initialize_facs net_ratelimit prep_compound_gigantic_page acpi_hw_read wake_up_q blk_flush_complete_seq huge_pmd_share set_user_nice find_vma __x64_sys_lgetxattr blake2s_final vmacache_find ext4_mknod __mnt_want_write_file walk_system_ram_range ntp_get_next_leap cpuacct_charge update_queue strstr follow_huge_addr __queue_work __x64_sys_pipe huge_pte_offset do_set_cpus_allowed acpi_os_allocate.29526 klist_iter_exit kill_ioctx __ia32_sys_setfsgid16 delete_from_page_cache console_flush_on_panic skb_release_head_state __do_munmap vprintk_store deactivate_slab pm_runtime_drop_link write_cache_pages __free_pages flush_tlb_batched_pending __append_e820_table __blk_mq_tag_busy dec_zone_page_state dma_mmap_attrs get_links skb_checksum_help alloc_debug_processing msg_print_ext_body __vmalloc_node_flags_caller gfp_pfmemalloc_allowed normalize_rt_tasks __delayacct_freepages_end skb_mac_gso_segment ioremap_wc __blk_mq_run_hw_queue perf_event_header__init_id tsc_read_refs klist_del acpi_ut_valid_name_char device_pm_remove acpi_ut_initialize_buffer __x64_sys_mknod acpi_ns_build_normalized_path __bitmap_set is_acpi_device_node netdev_bits pud_clear_bad restricted_pointer p4d_clear_bad i915_gem_execbuffer_ioctl get_state_synchronize_rcu __irq_domain_add pcpu_create_chunk inc_nlink tick_suspend update_page_count page_evictable __x64_sys_remap_file_pages vfs_create_mount zone_watermark_ok_safe invert_screen init_timer_key idr_get_free d_alloc_anon untrack_pfn punt_bios_to_rescuer memchr security_locked_down trace_seq_printf ksys_semget ctx_sched_in vfs_kern_mount put_cred_rcu key_put device_add update_srbds_msr seq_vprintf _swap_info_get security_free_mnt_opts pm_runtime_reinit acpi_tb_acquire_temp_table __x64_sys_msgrcv acpi_parse_entries_array vfs_get_tree __ia32_sys_init_module csum_partial d_lookup uprobe_mmap fc_drop_locked sprint_backtrace logfc acpi_get_table_by_index kmemdup_nul _set_memory_wt shmem_add_to_page_cache __module_get ftrace_dump rmap_walk __kmalloc perf_pmu_enable queued_spin_lock_slowpath alternatives_smp_module_add flush_tlb_all device_pm_add __put_task_struct arch_release_task_struct uprobe_clear_state huge_add_to_page_cache bpf_prog_free arch_tlbbatch_flush put_callchain_buffers vm_area_dup down_read_trylock __reset_isolation_suitable security_vm_enough_memory_mm rpm_get_suppliers __d_instantiate perf_adjust_period __mmu_notifier_invalidate_range perf_log_throttle console_unblank ring_buffer_iter_empty __kfree_skb security_cred_free queued_read_lock_slowpath perf_output_end __perf_event_header__init_id autofs_root_compat_ioctl __pm_runtime_set_status pm_runtime_enable sysfs_unmerge_group sched_dl_overflow __se_sys_prlimit64 acpi_ut_remove_address_range __se_sys_adjtimex_time32 kstrdup_const __dev_printk blk_queue_flag_set kstrdup dev_printk_emit page_move_anon_rmap is_console_locked acpi_ut_set_integer_width __pm_pr_dbg _dev_err efi_sync_low_kernel_mappings percpu_up_write put_task_stack cea_set_pte perf_uprobe_init radix_tree_delete audit_uid_comparator filename_create wake_up_state tracing_update_buffers hex_string free_init_pages schedule_idle free_pool_huge_page __get_user_pages ptep_set_access_flags swap_free __alloc_fd calc_wheel_index __ia32_sys_quotactl do_page_add_anon_rmap __x64_sys_setresgid ring_buffer_set_clock __kmalloc_node_track_caller ia32_classify_syscall page_add_file_rmap dentry_name ptep_clear_flush io_sq_thread hugepage_add_new_anon_rmap rtnetlink_rcv __nodes_weight.14161 register_tracer find_extend_vma __ia32_sys_lgetxattr blake2s_compress_generic vma_interval_tree_insert populate_vma_page_range expand_downwards find_kallsyms_symbol perf_event_mmap text_poke_early osq_unlock dst_release netlink_broadcast_filtered __pud_alloc __down yield __ktime_get_real_seconds sk_free is_software_node __sk_free swap_page_sector sk_destruct skb_queue_tail xs_create_sock __vm_insert_mixed netlink_deliver_tap inc_zone_page_state ksize validate_xmit_skb skb_checksum skb_dump follow_phys hugetlb_basepage_index kobject_add_internal kfree_skb_list netdev_core_pick_tx ksys_msgget earlycon_map __skb_get_hash acpi_tb_parse_root_table insn_get_displacement mp_register_ioapic_irq __flow_hash_from_keys __unmap_hugepage_range_final get_cached_acl numa_add_cpu __siphash_unaligned lo_ioctl put_ipc_ns rcu_gp_is_expedited acpi_install_table rcu_eqs_exit async_schedule_node_domain smca_configure skb_put skb_over_panic __skb_tstamp_tx compat_ksys_msgsnd nla_put _raw_read_lock_bh early_memremap_pgprot_adjust kfree_skb __ia32_compat_sys_old_shmctl cd_forget printk_safe_flush_on_panic skb_clone __skb_clone __copy_skb_header __cpuset_memory_pressure_bump clockevents_switch_state idr_for_each sysfs_create_link assoc_array_insert isolate_lru_pages send_signal kobject_get_path trace_rpm_suspend_rcuidle update_curr sock_queue_err_skb printk_deferred __ia32_compat_sys_mount acpi_get_table kmemdup __mcheck_cpu_init_generic sysrq_timer_list_show hrtimer_forward __x64_sys_fspick page_frag_free nr_iowait_cpu rcu_idle_exit __clocksource_select rt_mutex_setprio tick_set_periodic_handler _do_fork __clk_get_name audit_log_vformat assoc_array_walk bitmap_free tick_resume_check_broadcast tick_suspend_broadcast audit_log_lost tick_nohz_idle_restart_tick _credit_init_bits arch_cpu_idle_dead tick_nohz_next_event bitmap_string page_vma_mapped_walk anon_vma_interval_tree_insert insn_rip_relative perf_ioctl insn_get_prefixes perf_compat_ioctl sg_new_write insn_get_opcode inat_get_escape_attribute switch_to_new_gdt insn_init is_trap_insn __read_swap_cache_async unlink_file_vma __cpuhp_state_add_instance_cpuslocked tsc_verify_tsc_adjust irq_domain_free_fwnode __cgroup_task_count hrtimer_reprogram cpudl_cleanup slab_pad_check task_work_run acpi_info driver_deferred_probe_del clocksource_resume klist_dec_and_del __unmap_hugepage_range set_cpus_allowed_ptr huge_pmd_unshare __set_cpus_allowed_ptr vfs_unlink sched_setscheduler_nocheck print_trace_line trace_print_context timekeeping_advance __ia32_compat_sys_rt_tgsigqueueinfo trace_seq_putmem_hex trace_seq_putmem trace_seq_puts trace_seq_bprintf acpi_tb_checksum alloc_fresh_huge_page lookup_symbol_name sched_show_task generic_permission __find_next_entry __qdisc_calculate_pkt_len ring_buffer_event_data compat_tcp_setsockopt selinux_capable consume_skb ring_buffer_iter_peek tick_resume trace_empty debug_locks_off blk_mq_flush_busy_ctxs clear_selection alloc_huge_page complement_pos blk_mq_end_request vc_is_sel redraw_screen __ftrace_event_enable_disable parse_monolithic_mount_data set_origin timerslack_ns_open crash_save_vmcoreinfo vmcoreinfo_append_str build_attr crash_setup_regs bust_spinlocks rcu_needs_cpu inc_ucount trace_buffered_event_enable text_poke_bp_batch add_device_randomness dec_ucount memblock_isolate_range acpi_match_platform_list rb_advance_iter try_lookup_one_len wake_up_new_task start_creating.21890 acpi_ut_update_ref_count security_key_alloc cgroup_fork mnt_release_group_id copy_mnt_ns copy_utsname copy_pid_ns copy_namespaces copy_thread_tls alloc_pid tracing_stop_tgid_record mq_put_mnt cgroup_can_fork attach_pid proc_fork_connector arch_cpu_idle_enter uprobe_copy_process free_uts_ns msg_exit_ns audit_exe_compare __sbitmap_queue_get_shallow __kmem_cache_shutdown mark_oom_victim putname put_io_context_active flush_workqueue_prep_pwqs acpi_tb_release_temp_table __x64_sys_mkdir write_inode register_leaf_sysctl_tables down_timeout cyc2ns_init_boot_cpu peernet_has_id __insert_resource xas_nomem aio_read audit_tree_match memblock_is_region_reserved ext4_compat_ioctl ip_options_compile audit_match_class native_flush_tlb_others read_pci_config_16 acpi_tb_notify_table __ia32_compat_sys_keyctl register_earlycon devtmpfs_delete_node irq_activate register_handler_proc unwind_get_return_address_ptr dpm_sysfs_add page_get_anon_vma tick_broadcast_oneshot_control perf_event_init_task __inc_node_state acpi_ns_delete_children rotate_reclaimable_page trace_tlb_flush_rcuidle acpi_tb_print_table_header move_to_new_page wakeup_source_destroy check_flush_dependency cpu_detect detect_ht filter_mce filename_mountpoint intel_init_cmci audit_log_pid_context prepare_threshold_block __d_lookup_rcu acpi_penalize_sci_irq dev_fwnode crng_reseed send_sigio __delayacct_tsk_init set_primary_fwnode cpuset_read_lock cpuset_read_unlock perf_event_comm do_user_addr_fault __irq_domain_activate_irq __ia32_sys_setreuid vm_unmap_aliases task_will_free_mem __cgroup_account_cputime cpa_flush swap_readpage do_smart_wakeup_zero clock clocksource_start_suspend_timing worker_enter_idle pti_user_pagetable_walk_pmd __page_cache_release unmask_irq cgroup_freezer_migrate_task print_bad_pte msg_print_text slab_out_of_memory insert_vmap_area_augment del_timer lookup_one_len audit_alloc __destroy_inode get_cmdline __dump_page stack_type_name sysfs_update_groups filp_close get_page_from_freelist pmd_clear_bad address_val __ia32_compat_sys_open_by_handle_at __queue_delayed_work audit_log_format sysfs_create_dir_ns drop_buffers lockref_put_return init_dl_inactive_task_timer init_idle percpu_counter_set rwsem_optimistic_spin ring_buffer_change_overwrite apply_trace_boot_options cpuhp_issue_call cn_proc_init ns_to_timespec64 posix_cputimers_group_init devres_release_all setup_irq_thread put_unused_fd try_to_del_timer_sync ctrl_alt_del __wait_on_bit __dentry_kill __wake_up_locked_key_bookmark rcu_init_geometry cpuset_print_current_mems_allowed cgroup_migrate_add_src auditsc_get_stamp truncate_exceptional_pvec_entries arch_memremap_can_ram_remap fpu__init_cpu pm_runtime_init __ia32_sys_setuid vfree constrained_alloc prepare_to_wait wakeup_source_sysfs_remove kmsg_poll __dev_pm_qos_resume_latency _vm_unmap_aliases __cpa_process_fault next_arg __fsnotify_update_child_dentry_flags string show_free_areas ops_init file_path __alloc_pages_slowpath trace_event_follow_fork packet_sendmsg bug_at bvec_alloc tracing_stop_cmdline_record dump_header kvmalloc_node kernfs_add_one skb_warn_bad_offload init_worker_pool it_real_fn kernfs_new_node check_bytes_and_report __early_set_fixmap __x64_sys_pipe2 ttwu_queue_remote page_referenced __module_address register_console acpi_os_unmap_memory copy_cgroup_ns dup_mm make_alloc_exact prepare_task_switch widen_string resource_string rwsem_mark_wake sprint_symbol inat_get_group_attribute acpi_ns_handle_to_name get_order.13776 __schedule_bug free_unref_page_list device_links_unbind_consumers rcu_all_qs rcu_report_qs_rnp acpi_hw_get_access_bit_width change_page_attr_set_clr bdev_name retain_dentry cpuset_cpus_allowed_fallback kernfs_create_empty_dir anon_vma_interval_tree_iter_next __mmu_notifier_mm_destroy audit_comparator radix_tree_delete_item __ia32_sys_mremap symbol_string tick_nohz_idle_retain_tick kobject_synth_uevent test_clear_page_writeback panic_smp_self_stop device_links_driver_bound create_pipe_files ttwu_do_wakeup smp_call_function_single per_cpu_ptr_to_phys cpuhp_report_idle_dead fsnotify_destroy_mark security_audit_rule_match ptr_to_id profile_hits xas_load blk_mq_flush_plug_list __se_sys_io_uring_setup try_to_munlock nested_table_free ip_addr_string __ia32_sys_adjtimex anon_vma_interval_tree_iter_first __ia32_sys_pipe2 copy_hugetlb_page_range ttwu_stat file_dentry_name linear_hugepage_index blk_queue_flag_test_and_set calibration_delay_done kernfs_activate d_alloc_pseudo generic_processor_info kernfs_create_root =o= --- DONE! --- ------------STATISTICS--------------- 46084 : Functions greeted 117 : External functions 0 : Discovered Path 0 : Matched Path 31660 : Good Path 1563 : Bad Path 91418 : Ignored Path 0 : Path Unable to Resolve 0 : Resolved CallSite Using Function Pointer 744 : Critical Functions 156 : Critical Variables 0 : # of times max depth for forward analysis hit 0 : # of times max depth for backward analysis hit 65 : Critical Function Pointer Unable to Resolve, Collect Pass 193 : Critical Function Pointer Resolved, Collect Pass 3026 : Critical Functions used by non CallInst 44041 : Critical Functions used by static assignment 139 : # of times indirect call site matched with critical functions 37903 : # of times indirect call site failed to match with critical functions 0 : found capability check inside call using function ptr 276 : number of critical function skipped(uniq)